e data's requested by the proxy?
These are all questions that we need to know the answers to in order to
help you isolate the problem -- and as we all know, isolating the problem
makes it possible to resolve.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC W
te is used.)
I can't remember how to disable this, or change the setting... I'll look
this weekend, and see if I can find it.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.
e of a
little bundle of joy around to make life all worthwhile.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
On Fri, 23 Jun 2000, Ralf S. Engelschall wrote:
>
> Welcome to the world, Noah!
&g
words, "make it secure"
refers only to 'ensure that our pages cannot be defaced', which is a
different problem from 'ensure that our clients' information cannot be
intercepted on the backbone'.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]
Ah. How you need to do this is to add another section:
DirectoryIndex index.html index.htm
This is because the existing DirectoryIndex for your documentroot doesn't
cover /usr/local/sambit.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC W
data was received on the secure site.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++
RLCT/M*/LW* a cl/u/v
Actually, this is a documentation error of sorts. The section SHOULD read
like this:
---
It used to be that France and the USA had severe restrictions on the use
of and/or export of cryptography. Fortunately, France repealed its
draconian regulation on the use of heavy-strength cryptography, an
x27;.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++
RLCT/M*/LW* a cl/u/v>+ !d e- f&g
rator cards for all your
content servers. It's MUCH less headache, and it will be faster (as well
as more effective, and time-efficient, and energy-efficient) in the long
run than the kind of hack you're suggesting.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]
un as another server, and have the
key readable only by root)."
Ralf: document bug, it says "preferably get your webserver to start as
root but run as another server". That should read '...as another user".
---
Mat Butler, Winged Wolf <[EMAIL
work) header that will do what you
want, but chances are that whatever you find will be client-specific.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
On Fri, 19 May 2000, Doug Poulin wrote:
> I
rsync.samba.org/.
-Mat
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
On Fri, 19 May 2000, Airey, John wrote:
> Does anyone know whether it is possible to have some form of clustering
> involving
e SSL session, which is
following the 'SSLSessionCache none' rule.
The only way to fix this would be to set up a cookie that times out, along
with requiring a different authentication system (not Basic
authentication).
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
The httpd binary you're using doesn't have mod_ssl support in it. (Either
you need to load the module, or [more likely] you didn't install the
httpd+mod_ssl binary binary in the proper place.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
X. Unless
things have drastically changed, it should let you.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++
You most likely forgot the Listen 443 parameter in httpd.conf, and the
SSLEngine on in the virtual host.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D
ieness, if only because you're -encouraged- to
recompile your own kernel.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder]
Short form: You can't. (This is why the PEM pass phrase is so important
-- people who steal your ca.key won't be able to impersonate you.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
---
The most simple test is: httpd -t -DSSL. This will tell httpd to scan
the httpd.conf file -with the SSL parts enabled-. If you have a problem
with the SSL syntax, this will tell you.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web En
RewriteRule returns a 301 message to the client, which then does the
actual requesting from the second server. ProxyPass tells the webserver
to do its own request, passing the information to the client when it
retrievesit from the second server.
---
Mat Butler, Winged Wolf
ends the requested
resource back to the client, also through SSL.
The problem you're describing only occurs on systems that don't require a
secure handshake to accept a connection to the lower layers that process
the request.
---
Mat Butler, Winged Wolf <[EMAIL PROTE
Try (instead of localhost:443) using 192.168.0.225:443, in your openssl
s_client commandline.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D
Some versions of MSIE 4.01 and MSIE 5.01 have a problem in schannel.dll.
This is documented as Microsoft Knowledge Base document Q247367. (It
links to a fix -- apply it, then reboot.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web En
loses before properly terminating as a reportable exception, it has to
put it in the log. The hint is there because that's the -usual- cause of
the report.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administra
reason
for this is that the 'Incorp by Reference' certificate throws MS's
validation algorithm screwy, and it's caused by an invalid key in the
released version of MSIE 5.01.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer
7;View
Certificate'], and export it to a file. [This is done under the Details
tab, and Copy to File.])
Hope this helps. (I believe it gets exported in standard .der format, but
I could be mistaken.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer
The trick now is just to create a link and send the .crt file to the
client. (This only works for Netscape. For MSIE, you need to send a .der
file that contains the same information as the .crt, in a different
encoding.)
---
Mat Butler, Winged Wolf <[EMAIL PROTEC
, which is essentially a
.crt minus the base-64 encoding. (openssl x509 -inform crt -in ca.crt
-outform der -out ca.der ... or something like that. It's been a while
since I've done it. There's an FAQ entry on it, at the least.)
---
Mat Butler, Winged Wolf <[E
can of your machine will see
the names of the certificates the server is presenting. (Which is a
larger security hole, in my opinion, than the protocol-modification idea
above.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SP
Try using RewriteRule http://address/directory/(.*)
https://address/directory/\1 .
(If that doesn't work, look for the documentation in mod_rewrite.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Ad
Use the command to define 'EAPI' as a preprocessor symbol. (That's what
-D does under all the command-line C compilers.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
---
The ServerName directive should be the name that the certificate is, not
the canonical name. Apache always returns the ServerName as the site's
official name, and that causes this mess.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC W
In order for the stepup to work, you have to allow 40-bit encryption so it
can figure out that it needs to step it up.
Regards,
-Mat
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCod
quot; that can explain it in more detail, and probably in a
simpler format.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder
ng up
'providing technical assistance' regulations.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++
ns.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
On Thu, 23 Dec 1999, Keith Vance wrote:
> I am having trouble getting authentication to work in my virutal host in the SSL
>section of my httpd.
PHP versus mod_ssl versus mod_perl... have you made certain that you have
AddType application/x-httpd-php .php in your httpd.conf?
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
On Fri, 17 Dec 1999,
for
IIS, so I do not know. (Since a certificate is useless without the
private key that goes with it, you may be able to post it so we can take a
look at it.)
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer
er, the notion of a valid certificate, or public key, for
> authentication is central to the utility of strong (public-key)
> cryptographic solutions. If you don't know who you're talking to, who
> cares how strong the cipher is? Or vice versa, for your
> customers/clients
FAQ: I'm running Linux 2.2.x with glibc 2.0, trying to compile mod_ssl 2.4.4
(openssl 0.9.4). During compiliation, I get an 'incompatible type for 4th
argument of semctl' error. What do I do?
A: A couple of things. As a temporary workaround, you can use mod_ssl 2.4.3
(until Ralf gets 2.4.5 out
t allowed to on this list?). Passwords are MUCH easier to get
working at first, to make sure it's functional.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A
n. There's no way around it.
---
Mat Butler, Winged Wolf <[EMAIL PROTECTED]>
SPASTIC Web Engineer SPASTIC Server Administrator
Begin FurryCode v1.3
FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++
RLCT/M*/LW* a cl/u/v++
The modssl-users list is not the appropriate place to ask this question.
However, since I'm a nice guy, I'm going to answer anyway :> :
Do a 'man errno'. This is a system variable that's declared in errno.h,
which is one of the files that it failed on. This will give you (on your
Solaris system
it wants.
>What format of certificates does recent versions of Netscape or IE
>prefer to import?
I don't know the latest answer to that question.
>TIA
>john.
-Winged Wolf
smime.p7s
44 matches
Mail list logo
