rwise I'm willing to take a few stabs at things to keep the module
> alive.
>
> On Sun, Dec 5, 2010 at 7:57 AM, Nikos Mavrogiannopoulos
> wrote:
>> It seems I have no longer the time to keep up working with mod_gnutls.
>> Unless someone else steps up as mainta
It seems I have no longer the time to keep up working with mod_gnutls.
Unless someone else steps up as maintainer please consider this module
as unmaintained.
regards,
Nikos
___
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outoforder.cc/
On Mon, Nov 22, 2010 at 8:35 PM, Max13 wrote:
> 34) Base64 decoding error.this Certificatefile is ok under normal mod_ssl.can
> you give me some advices that i can resolve this problem?part of my apache
> conf:72 LoadModule gnutls_module modules/mod_gnutls.so 73 #GnuTLSCache None
> "cbg.163.com x
On Sun, Nov 21, 2010 at 5:24 PM, Hardy Griech wrote:
> Hi Nikos,
>
> I've added code to mod_gnutls where gnutls_init() and gnutls_deinit()
> are called. Result is, that gnutls_deinit() is called only in some rare
> cases.
[...]
> I'm wondering which hook is actually called on termination of a con
On Fri, Nov 19, 2010 at 12:41 AM, George J. Walsh wrote:
> After resolving the permissions problem experienced with gnutls_cache, I
> started testing more thoroughly this morning. All was quiet until the
> first time the browser was addressed to https. The correct page was
> displayed but cpu uti
On 11/18/2010 10:20 PM, Hardy Griech wrote:
> On 18.11.2010 10:45, Nikos Mavrogiannopoulos wrote:
> :
>> Can you use valgrind to trace the leak?
> valgrind shows as the main leak:
>
> ==23601== 19,733,881 (2,399,856 direct, 17,334,025 indirect) bytes in
> 692 blocks are
On Wed, Nov 17, 2010 at 8:47 PM, Hardy Griech wrote:
> Hi (Nikos),
> after extending mod_gnutls to allow TLS-PSK and some testing, I'm
> wondering if all the gnutls_allocate_* need a gnutls_free_* to avoid
> memory leaks.
They need but I think that the _allocate_ functions are in a global state,
On Wed, Nov 17, 2010 at 11:12 AM, Hardy Griech wrote:
> I admit, I'm confused...
> I've tested two mod_gnutls setups: one with RSA key exchange, the other
> with PSK. Test client for both cases is gnutls-cli. Command lines are
> gnutls-cli --x509cafile ~/ssl/demoCA/cacert.pem --x509keyfile
> ~
On 11/16/2010 01:39 AM, George J. Walsh wrote:
> We are in the process of adding gnutls functions to our apache httpd
> server.
>
> The server is running Mandriva cooker (2011.0) with kernel
> 2.6.36-server.
>
> Apache is at rev 2.2.17
> mod_gnutls is at rev 0.5.9
>
> We have encountered a probl
On 11/13/2010 10:00 PM, Hardy Griech wrote:
> Hi (Nikos),
>
> any chance that TLS-PSK will be implemented? If not, what is the
> estimated effort for implementing it?
It's not in my plans, but it's pretty easy to add. If you want password
authentication, mod_gnutls has the SRP ciphersuites as w
On 10/25/2010 08:40 PM, Wayne Connolly wrote:
> Hi Nico,
>
> Thanks for the reply.
> I am using the version in the 9.10 apt-repository which is
> libapache2-mod-gnutls 0.5.5-1 install ok installed
> I cant compile the latest no matter what i try.
> (checking for apxs... /usr/local/apache2/bin/apxs
On Mon, Oct 25, 2010 at 9:22 AM, Wayne Connolly
wrote:
> I just tried out mod-gnutls in apache 2.2.12 ubuntu 9.10 because mod-ssl is
> not a option (no TLS compiled into our version and no way to get it...)
> All went perfect with the exception that one of the https sites always shows
> up the wr
On 10/05/2010 06:00 PM, Jonathan Richard wrote:
> Hi
>
> I am trying to configure apache2 with gnutls so I can have 2 SSL secured
> virtual hosts (domains) using only 1 IP address.
[...]
> Everything seems to works fine, the domain maps to the proper web sites but
> for some reasons, the only one
On Mon, Sep 27, 2010 at 6:18 AM, Hardy Griech wrote:
>> Many thanks to Hardy Griech for his investigation on the issues.
> many thanks to Nikos Mavrogiannopoulos for his responsiveness and
> mod_gnutls at all.
> BTW: what is missing for mod_gnutls 1.0.0?
Hi,
I want first to
Hello,
I've just released version 0.5.9 of mod_gnutls. It is a bugfix release
and is available from http://www.outoforder.cc/projects/apache/mod_gnutls/
Many thanks to Hardy Griech for his investigation on the issues.
regards,
Nikos
** Version 0.5.9 (2010-09-24)
- Corrected behavior in Keep-Al
On Thu, Sep 23, 2010 at 1:42 PM, Hardy Griech wrote:
>> "too long" is in this case 1008 (for the sake of perl apr_sdbm_t
>> compatibility). In my case len(key+val) is 1116...
> Setup of PAIRMAX to 1008 is appr. 9 years old. So I guess, You have a
> custom built apr-util, a very old apr-util or y
On 09/23/2010 11:22 AM, Hardy Griech wrote:
> On 22.09.2010 22:48, Nikos Mavrogiannopoulos wrote:
>> On 09/22/2010 10:13 PM, Hardy Griech wrote:
> :
>>> Both "DB" and "DEFAULT" generate a file with '/tmp-ram/gnutls: Berkeley
>>> DB (Hash
On 09/22/2010 10:13 PM, Hardy Griech wrote:
>> error you get is quite strange since the database is created and can be
>> opened but apr_dbm it cannot write at it. I cannot reproduce this
>> problem so any help from you is welcome. Do other database types such as
>> "db", "gdbm" or "default" work
On 09/22/2010 08:16 PM, Hardy Griech wrote:
> Output is now as follows:
>
> [Wed Sep 22 20:06:00 2010] [notice] Apache/2.2.16 (Debian) DAV/2
> mod_gnutls/0.5.8 configured -- resuming normal operations
> [Wed Sep 22 20:06:00 2010] [info] Server built: Aug 29 2010 14:59:54
> [Wed Sep 22 20:06:00 2
On 09/22/2010 09:11 AM, Hardy Griech wrote:
> On 22.09.2010 08:56, Nikos Mavrogiannopoulos wrote:
> :
>>> GnuTLSCache is pointing to a file in a writable directory
>>> (/tmp-ram/gnutls), but: there are only gnutls.dir and gnutls.pag
>>> contained in that direc
On 09/22/2010 08:49 AM, Hardy Griech wrote:
>>> [Wed Sep 22 07:13:59 2010] [debug] gnutls_cache.c(461): (22)Invalid
>>> argument: [gnutls_cache] error storing in cache
>>> '/var/cache/apache2/gnutls_cache'
>>
>> This isn't really relevant. Is the argument a directory? It should be a
>> file on a w
On 09/22/2010 07:15 AM, Hardy Griech wrote:
> :
>> Why wouldn't it be? Did you notice any issues? mod_gnutls only offers
>> the secure layer. The HTTP is still handled by apache thus anything that
>> worked without mod_gnutls should work with it.
> :
>
> Perhaps this is the problem (from error.lo
On 09/21/2010 08:55 PM, Hardy Griech wrote:
> Hi,
>
> I'm trying to configure mod_gnutls/apache to allow keep-alive
> connections, i.e. allow multiple http requests through a single connection.
>
> Is this actually possible with mod_gnutls?
Why wouldn't it be? Did you notice any issues? mod_gnu
such file or directory.
> in apr_tables.c
>
> I am not familiar at gdb, here are some debug info, I will do some
> homework of gdb first.
>
> Any suggestions are welcomed.
>
> 在 2010年9月11日 下午1:12,Nikos Mavrogiannopoulos 写道:
>> On 09/11/2010 05:33 AM, 俞黎敏 wrote:
>&
On 09/11/2010 05:33 AM, 俞黎敏 wrote:
> [r...@p520a:/ibm/YuLimin/Tools/gnutls-2.10.1]# echo $LDFLAGS
> -lgcrypt -lz
>
> then ./configure, at the end of it, I found static is no: Library
> types:Shared=yes, Static=no
Something is wrong there. You might want to use gdb to see why it is
crashing, o
On 09/10/2010 05:25 PM, 俞黎敏 wrote:
> and I make check of guntls-2.10.1 cause error like these
Add -lz to LDFLAGS. It seems only static libraries are available to AIX?
regards,
Nikos
___
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outof
On 09/10/2010 03:54 PM, 俞黎敏 wrote:
> I got many error like these message When I run make check under libgcrypt:
> exec(): 0509-036 Cannot load program
I don't know about the checks of libgcrypt, they might not operate
correctly. What about the checks in gnutls?
regards,
Nikos
Thu, Aug 19, 2010 at 1:41 PM, wrote:
> Hi,
>
> I think the Chrome and Firefox should be support SNI ?
>
> I tested it with this two Browsers.
>
> greets
>
>
> Original-Nachricht
>> Datum: Thu, 19 Aug 2010 03:23:49 +0200
>> Von: Nikos Mavro
On 08/18/2010 09:18 PM, Top44 wrote:
> Hi guys,
>
> I noticed on my testsetup that the second virtualhost chooses the
> certification file from the first virtualhost.
> Had someone of you a problem thats sounds like this and do someone have
> a fix for it ?
You have to use a browser that suppor
Hello,
I've just released mod_gnutls 0.5.8. The changes since 0.5.7 are:
- Session tickets are enabled by default.
- Fixes some segmentation faults noticed in some
configurations.
regards,
Nikos
___
Modules mailing list
Modules@lists.outoforder.cc
On 08/11/2010 06:27 AM, Jeff Williams wrote:
> Current Setup:
> FreeBSD 6.2 release
> Apache 2.2.16
> gnutls 2.10.1
> mod_gnutls 0.5.7
>
> Configuration/Installation is just fine however whenever a user accesses a
> page via https (443), all child processes for apache seg fault.
Hi,
Could you c
sented with the default
certificate.
regards,
Nikos
On Thu, Aug 5, 2010 at 2:53 PM, Davide Mirtillo wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Il 04/08/2010 12:20, Nikos Mavrogiannopoulos ha scritto:
>> On Wed, Aug 4, 2010 at 11:29 AM, Davide Mirtillo wrote:
&g
On Wed, Aug 4, 2010 at 11:29 AM, Davide Mirtillo wrote:
> Replacing _default_ with the network ip seems to work, but with both
> your rewrite rule and mine i am now getting this error from the browser:
> ssl_error_rx_record_too_long
Most probably you didn't enable TLS for this host. You can veri
Hello,
I've just released mod_gnutls 0.5.7. The changes since 0.5.6 are:
** Version 0.5.7 (2010-07-01)
- Force usage of SDBM. For some reason the default in
my system had issues after reaching a limit of entries.
SDBM seems stable so force it.
- Optimizations in session caching.
- Added sup
Just released mod_gnutls 0.5.6. The changes from the previous
released are:
- Corrected issue with firefox and long POST data (by
handling EINTR and EAGAIN errors in read).
- Added support for chained client certificates
- Corrected more issues related to double frees
http://issues.outoforder.
Daniel Clark wrote:
> Issue 096: mod_gnutls does not accept client OpenPGP certificates
> which have no expiration - http://issues.outoforder.cc/view.php?id=96
> - seems to suggest that there is some way either converting OpenPGP
> keys into pkcs12 (.p12) for import into web browsers or a web
On Fri, Oct 2, 2009 at 4:49 AM, Erick Calder wrote:
> Hello everyone,
>
> mod_gnutls is a great solution and should be available as a standard
> part of the various distributions out there. I've taken the trouble
> to walk the module through the Fedora submission process - it is now
> available i
Julian Blake Kongslie wrote:
> I'm trying to setup an apache 2 server that offers SSL using anonymous
> DH, and does not offer any certificate at all. Presently, my virtual
> host configuration is as follows:
>
>
> ServerName testbed
> GnuTLSEnable on
> GnuTLSPriorities NORMAL:+ANON
Erick Calder wrote:
Hello Erick,
> 2. SRP seemed to fail when the module tried to load, complaining about a
> missing function gnutls_srp_server_get_username. is there something
> else I need to have installed or is it a bug? I've compiled with
> --disable-srp for now but would like to figure ou
Arfrever Frehtes Taifersar Arahesis wrote:
> I'm attaching the patch which fixes building mod_gnutls with Apache 2.4
> (trunk).
Applied. Thank you!
___
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outoforder.cc/mailman/listinfo/modules
Hello,
I've just released mod_gnutls 0.5.5. I have also renamed the stable
branch as old-stable and the development branch as stable. The changes
since last release are:
- Removed limits on CA certificate loading. Reported by
Sander Marechal and Jack Bates.
- Do not allow sending empty TLS pac
g...@itchybit.org wrote:
> Hello,
>
> dpkg shows me this:
>
> ii gnutls-bin2.6.6-1the GNU
> TLS library - commandline utilities
> ii gnutls-doc2.6.6-1the GNU
> TLS library - documentation and exam
> ii libg
g...@itchybit.org wrote:
> Hello,
>
> dpkg shows me this:
>
> ii gnutls-bin2.6.6-1the GNU
> TLS library - commandline utilities
> ii gnutls-doc2.6.6-1the GNU
> TLS library - documentation and exam
> ii libg
It is gnutls (not mod_gnutls) that does the auto-detection. Thus
please specify the version you have in your system.
regards,
Nikos
On Thu, May 21, 2009 at 10:56 AM, wrote:
> Hello,
>
>> That command generates a new key, it does not convert your existing key.
>> So signature failures is expecte
On Wed, May 20, 2009 at 5:51 PM, wrote:
> hello,
>
> I investigated further on the private key. Its obtained from the provider
> 1&1 via some free SSL certificate giveaway that is a deal with Geotrust ..
>
> So the problem with the key is that its not generated by us, but its
> generated by eithe
In your certificate file just include the Intermediate CA certificate
after your certificate.
On Mon, Jan 26, 2009 at 1:15 AM, amine wrote:
> i used mod_gnutls for its sni support with many certificates signed by
> Verisign CA and everything worked fine
>
> for a new projet , i use startcom ssl c
Jack Bates wrote:
> Sander Marechal reports that he cannot use the CA certificates
> distributed in the Debian ca-certificates package with mod_gnutls:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573
>
> I confirmed that this behaviour is the same in mod_gnutls trunk revision
> 403:
Hel
Sander Marechal wrote:
> Nikos Mavrogiannopoulos wrote:
>> Sander Marechal wrote:
>>
>>> When I connect to the root I do not get asked for a client certificate,
>>> as expected. But when I go to /xmlrpc or to /users/certificate then I do
>>> not get
Sander Marechal wrote:
> When I connect to the root I do not get asked for a client certificate,
> as expected. But when I go to /xmlrpc or to /users/certificate then I do
> not get asked for a client certificate. Instead it simply shows the page
> as if verification succeeded.
What is the sessio
Jack Bates wrote:
> Sander Marechal reports that he cannot use the CA certificates
> distributed in the Debian ca-certificates package with mod_gnutls:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573
>
> I confirmed that this behaviour is the same in mod_gnutls trunk revision
> 403:
Tha
Sander Marechal wrote:
> I have done some more digging with regards to the Client Certificate
> issue I described in my previous e-mail. It looks like name-based
> virtual hosting isn't working at all on my setup. I discovered that
> after I changed the self-signed certificate from one of the virtu
Sander Marechal wrote:
> I have done some more digging and its weirdness. It looks like
> mod_gnutls does not take the VirtualHost directive into account.
>
> Below is again the configuration of my two virtual hosts. The Subversion
> server only has a server certificate. The CakePHP virtual host h
I don't think you can mix mod_ssl with mod_gnutls. The issue here it
was that gnutls dbm was started on a server where gnutls wasn't
enabled.
regards,
Nikos
On Wed, Jan 7, 2009 at 11:02 PM, wrote:
>
>>> NameVirtualHost *:80
>>
>> If you remove this line does it have any effect?
>
> I'm afraid n
m...@alexg.org wrote:
> Hallo,
>
> I am currently trying to install mod_gnutls on FreeBSD 6.3 within a Jail.
> - Apache 2.2.10 (also tried 2.2.8)
> - mod_gnutls 0.5.3 (also 0.4.3, svn)
>
> Everytime I try to start apache I'll get an error-log entry as follows:
>
> "[Thu Jan 01 20:05:12 2009] [wa
Hello,
I'm glad to announce mod_gnutls 0.5.4. This release fixes the long
standing bug with mod_proxy. The full list of changes is below:
- mod_gnutls.h: modified definition to extern to avoid compilation
errors in darwin.
- Added patch to fix issue with mod_proxy. Investigation and patch by
Stephane Bortzmeyer wrote:
> I'm pretty sure that ServerAlias worked before and I wonder what could
> have break recently? New version of mod_gnutls? Stupid configuration
> error from my side?
Could you find out on which version of mod_gnutls this broke? What was
your previous version?
> From: Web Response <[EMAIL PROTECTED]>
> Date: November 6, 2008 10:41:18 PM GMT-05:00
> To: Edward Rudd <[EMAIL PROTECTED]>
> Subject: mod_gnutls
> Reply-To: Brad <[EMAIL PROTECTED]>
>
>
> Message:
>
> I've setup everything exactly as specified...however, I am running
> two vhosts in apache 2.0.6
Edward Rudd wrote:
>> Message:
>>
>> Hi, I could compile mod_gnutls 0.5.3 successfully but it makes httpd
>> crash immediately on start, there is nothing written into error_log.
>> I'm on Fedora 9, Apache 2.2.10, gnutls 2.6.0, mod_ssl disabled. I
>> removed fedora gnutls and recompiled the one fro
Edward Rudd wrote:
>> Hello, Edward Rudd:
>>I am interesting in "mod_gnutls" module, but now i
>> want to known that if this module will support TLS-PSK cipher suite?
>> or support it in the road map?
>>
>> Whuige
Hello,
No TLS-PSK is not on the roadmap. TLS-PSK is not for web
authentica
On Fri, Oct 17, 2008 at 12:51 PM, Adam Hasselbalch Hansen <[EMAIL PROTECTED]>
wrote:
> Adam Hasselbalch Hansen wrote:
>
>> Ok, so, here's the deal.
>>
>> One (1) virtual host is defined in the Apache configuration. A seperate
>> module directs requests to the right docroot, based on the hostname f
Hello,
I've just released gnutls 0.5.3. This release it includes a fix to
allow an OpenPGP-only website to be operated, as well as an increase to
the number of iterations allowed in gnutls_handshake().
The latter should affect mod_proxy configurations, thus I'd appreciate
any reports from people
I have commited your patch plus a fix for your issue in the svn repository.
regards,
Nikos
On Tue, Sep 30, 2008 at 8:53 PM, Jack Bates <[EMAIL PROTECTED]> wrote:
> On Mon, 2008-09-29 at 10:44 +0300, Nikos Mavrogiannopoulos wrote:
>> Jack Bates wrote:
>> > - but when I st
Jack Bates wrote:
> Doh - thank you Nikos : )
>
> I created a key without a passphrase and got a bit further. I also found
> some documentation in the GnuTLS manual on creating OpenPGP server
> credentials:
> http://www.gnu.org/software/gnutls/manual/html_node/Invoking-gnutls_002dserv.html#Invoki
Jack Bates wrote:
> - but when I start Apache, it complains:
>
> ket% /usr/sbin/apache2 -f httpd.conf
> Syntax error on line 16 of httpd.conf-gpg:
> GnuTLS: Failed to Import PGP Private Key '/home/jablko/trash/key.asc':
> (-59) GnuTLS internal error.
> ket%
Hello,
gnutls and mod_gnutls cannot r
Tue, 2008-09-16 at 11:28 +0300, Nikos Mavrogiannopoulos wrote:
>> Hello Jack,
>> Could you check if gnutls 2.4.2 fixes your issue?
>
> Thank you very much Nikos, GnuTLS 2.4.2 seems to fix the issue : )
>
> Now I am having trouble getting Subversion to do client certificate
Most probably this is a problem of the client you use. mod_gnutls has
the same behaviour being on reload or not. If you believe this is a
problem of mod_gnutls please use tcpdump (or wireshark) and verify
that this is indeed a mod_gnutls issue.
regards,
Nikos
On Fri, Sep 19, 2008 at 12:32 PM, Ada
Ling-hua Tseng wrote:
> Here is my environment:
>FreeBSD 7.1-PRERELEASE
>apache-worker-2.2.9_5
>mod_ssl/2.2.9 (bundled with apache2 in FreeBSD's package/ports system)
>OpenSSL/0.9.8e (OS bundled library)
>gnutls-2.4.1_1
>mod_gnutls-0.4.3 (0.5.2 is also tested)
>
> There are
Verify with ldd that mod_gnutls.so is indeed linked with the gnutls
version you compiled. Try also to use valgrind with the same options.
regards,
Nikos
On Thu, Sep 18, 2008 at 5:19 PM, David Schueler
<[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote on 18.09.2008 16:00:21:
>> [EMAIL PROTECTED
Does this occur with gnutls 2.4.2? Otherwise could you send the output
of gdb with apache -X?
(or even valgrind).
On Thu, Sep 18, 2008 at 3:34 PM, David Schueler
<[EMAIL PROTECTED]> wrote:
> Hello all out there on this list.
>
> I have a problem with mod_gnutls 0.5.1 and apache 2.0.58.
> I used no
69 matches
Mail list logo