John.Airey | 1 Sep 16:56 2003
Picon

RE: virtual hosting

> -----Original Message-----
> From: Boocock, John (Academy) [mailto:John.Boocock <at> capita.co.uk]
> Sent: 22 August 2003 14:04
> To: 'modssl-users <at> modssl.org'
> Subject: RE: virtual hosting
> 
> 
> Although I'm sure that most people get quite bored and 
> frustrated about
> questions on virtual hosting that have appeared countless times in the
> archives I don't think I've ever noticed what I was wondering being
> answered.
> 
> If you had a wildcard certificate which worked for 
> *.domain.com, would name
> virtual hosting be possible then assuming that all your 
> virtual hosts were
> things like "secure.domain.com" and "basket.domain.com" as 
> they are actually
> all using the same wildcard certificate for the SSL handshake.
> 
> If anyone could answer that, it would be great and 
> potentially save some
> messing when it comes to IP addresses.
> 
> Cheers
> 
> JB
> 
I'd have thought you'd have found an answer from me in the archives (or
(Continue reading)

Vincent KERAVEC | 1 Sep 17:32 2003
Picon

Modssl wait background script to finish

Hello,
I've got a problem with modssl. When I run a script in background, the
server doesn't respond to the browser who start the script on port 143
until the script finish. The server continue to reply to all other browser.

I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
OpenSSL/0.9.7a. I'm also using client side authentication.

Is there something to change in the ssl configuration to allow
background process ?

Thanks,
Vincent KERAVEC

ps : When i put modssl in loglevel debug the server seems to wait after
this message :
    [Wed Aug 27 15:10:30 2003] [debug]
/usr/src/build/250859-i386/BUILD/httpd-2.0.40/modules/ssl/ssl_engine_io.c(1005):

+-------------------------------------------------------------------------+
[Wed Aug 27 15:10:30 2003] [info] Initial (No.1) HTTPS request received
for child 0 (server ***.****.***:443)

Attachment (smime.p7s): application/x-pkcs7-signature, 5312 bytes
Dave Paris | 1 Sep 17:40 2003

RE: Modssl wait background script to finish

A couple questions.  Is this something like a SSL-protected web interface to
an IMAP server (ref: your mention of port 143)?  If so, are you accepting
certain directives which are being passed on to the IMAP server (ref: "start
the script on port 143")?  If this is the case, it sounds like what you're
intending to do is start a "fire and forget" script .. not being concerned
about the return value from the script.  If that's the case, you may want to
look at creating a IPC process of some sort that can be left to fend for
itself after being started, allowing a response to get back to the user.

Is this an accurate assessment of what you're trying to do?

-dsp

-----Original Message-----
From: owner-modssl-users <at> modssl.org
[mailto:owner-modssl-users <at> modssl.org]On Behalf Of Vincent KERAVEC
Sent: Monday, September 01, 2003 11:32 AM
To: modssl-users <at> modssl.org
Subject: Modssl wait background script to finish

Hello,
I've got a problem with modssl. When I run a script in background, the
server doesn't respond to the browser who start the script on port 143
until the script finish. The server continue to reply to all other browser.

I'm running Apache/2.0.40 (Red Hat Linux) with mod_ssl/2.0.40 and
OpenSSL/0.9.7a. I'm also using client side authentication.

Is there something to change in the ssl configuration to allow
background process ?
(Continue reading)

Vincent KERAVEC | 1 Sep 17:58 2003
Picon

Re: Modssl wait background script to finish

Thanks for your response,
Sorry I mean 443 and not 143  :(

I just want to run a bash script on the server.
I launch the script whith :
<?php
    exec ("nohup ./script.sh > /dev/null &");
?>

The page load successfully but when I follow a link the server didn't 
respond.
If I use an other navigator the server respond normally.

Vincent KERAVEC

Dave Paris wrote:

>A couple questions.  Is this something like a SSL-protected web interface to
>an IMAP server (ref: your mention of port 143)?  If so, are you accepting
>certain directives which are being passed on to the IMAP server (ref: "start
>the script on port 143")?  If this is the case, it sounds like what you're
>intending to do is start a "fire and forget" script .. not being concerned
>about the return value from the script.  If that's the case, you may want to
>look at creating a IPC process of some sort that can be left to fend for
>itself after being started, allowing a response to get back to the user.
>
>Is this an accurate assessment of what you're trying to do?
>
>-dsp
>
(Continue reading)

Dave Paris | 1 Sep 18:10 2003

RE: Modssl wait background script to finish

Someone with more PHP experience than I will need to address the use of
exec() in the context of PHP, but were this Perl then exec() would stop the
running Perl process after launching the external process - which would have
the effect of stopping your running Perl script.

Whether PHP operates similarly, I'm not sure (I don't do anything with
PHP).. however this might be something to look into since (as I understand
it) many of PHP's internals were borrowed from Perl originally.  If this was
Perl, you'd want either system(), open2(), open3(), or backticks.

Good luck!
-dsp

-----Original Message-----
From: owner-modssl-users <at> modssl.org
[mailto:owner-modssl-users <at> modssl.org]On Behalf Of Vincent KERAVEC
Sent: Monday, September 01, 2003 11:59 AM
To: modssl-users <at> modssl.org
Subject: Re: Modssl wait background script to finish

Thanks for your response,
Sorry I mean 443 and not 143  :(

I just want to run a bash script on the server.
I launch the script whith :
<?php
    exec ("nohup ./script.sh > /dev/null &");
?>

The page load successfully but when I follow a link the server didn't
(Continue reading)

Vincent KERAVEC | 4 Sep 10:55 2003
Picon

Re: Modssl wait background script to finish

I solve the problem by upgrading apache version to 2.0.47.

Vincent KERAVEC

Dave Paris wrote:

>Someone with more PHP experience than I will need to address the use of
>exec() in the context of PHP, but were this Perl then exec() would stop the
>running Perl process after launching the external process - which would have
>the effect of stopping your running Perl script.
>
>Whether PHP operates similarly, I'm not sure (I don't do anything with
>PHP).. however this might be something to look into since (as I understand
>it) many of PHP's internals were borrowed from Perl originally.  If this was
>Perl, you'd want either system(), open2(), open3(), or backticks.
>
>Good luck!
>-dsp
>
>-----Original Message-----
>From: owner-modssl-users <at> modssl.org
>[mailto:owner-modssl-users <at> modssl.org]On Behalf Of Vincent KERAVEC
>Sent: Monday, September 01, 2003 11:59 AM
>To: modssl-users <at> modssl.org
>Subject: Re: Modssl wait background script to finish
>
>
>Thanks for your response,
>Sorry I mean 443 and not 143  :(
>
(Continue reading)

Zvi Har'El | 4 Sep 15:39 2003
Picon

[rl <at> math.technion.ac.il: HTTPS env var in suexec]

----- Forwarded message from Zvi Har'El <rl <at> math.technion.ac.il> -----

Date: Tue, 26 Aug 2003 16:47:52 +0300
From: Zvi Har'El <rl <at> math.technion.ac.il>
To: Apache Developer List <dev <at> httpd.apache.org>
Subject: HTTPS env var in suexec
Hebrew-Date: 28 Av 5763

Hi,

In apache_1.3.28, running a cgi with suEXEC has a problem to identify SSL
connections using the normal enviroment HTTPS=on setting, since suexec.c in
this distribution (in line 137) has in the safe variable list the string
"HTTPS_" for a prefix, and doesn't have the string "HTTPS=". This has been
fixed in apache 2, but can you please also fix it in apache 1.3?

Thanks,

Zvi.

-- 
Dr. Zvi Har'El     mailto:rl <at> math.technion.ac.il     Department of Mathematics
tel:+972-54-227607 icq:179294841     Technion - Israel Institute of Technology
fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                                  Tuesday, 28 Av 5763, 26 August 2003,  4:43PM

----- End forwarded message -----

--

-- 
(Continue reading)

Dmitry Bocharnikov | 5 Sep 22:16 2003

Problem compiling Apache with modssl on Sparc 9 with 64 bit openssl

Hi, I'm having a problem compiling apache with modssl support on a
solaris platform. I've had to compile openssl as "solaris64-sparcv9-gcc"
otherwise after a default configuration compilation process would give
me a fatal error in dhparam.o file - wrong elf class (ELFCLASS64)

if [ "solaris-shared" = "hpux-shared" -o "solaris-shared" = 
"darwin-shared" ] ; then \
 gcc -o openssl -DMONOLITH -I.. -I../include  
-DOPENSSL_SYSNAME_ULTRASPARC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -m32 -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM openssl.o 
verify.o asn1pars.o req.o dgst.o
dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o 
crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o 
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o 
app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
smime.o rand.o engine.o ocsp.o  ../libssl.a  ../libcrypto.a -lsocket 
-lnsl -ldl ; \
else \
 gcc -o openssl -DMONOLITH -I.. -I../include  
-DOPENSSL_SYSNAME_ULTRASPARC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -m32 -mcpu=ultrasparc -O3 
-fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DMD5_ASM openssl.o 
verify.o asn1pars.o req.o dgst.o
dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o 
crl.o rsa.o rsautl.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o 
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o 
app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
smime.o rand.o engine.o ocsp.o  -L.. -lssl  -L.. -lcrypto -lsocket -lnsl
-ldl ; \
(Continue reading)

Ken Kittlitz | 12 Sep 02:42 2003
Picon

Determining if request was made via HTTPS

Hi all,

I'm writing an Apache module that needs to determine if a request came in 
via HTTP or HTTPS.  Does mod_ssl provide some interface that other modules 
can use to determine this? Clearly, mod_cgi figures this out somehow, 
because it correctly sets the "HTTPS" environment variable, but I don't 
understand how it figures this out.  I can't find anything in the request 
record that would let me tell the difference between an incoming HTTPS 
request and an HTTP one.

Any help would be appreciated. Thanks!
---
Ken Kittlitz
Vice-President, Javien Canada Inc.
http://www.javien.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Adrien Felon | 12 Sep 15:42 2003
Picon

Are "client requested update" supported?

Hi,

I would like to try some client side requested upgrade to HTTP over TLS (cf.
section 3 of RFC2817). For that I had apache loading mod_ssl and I try to
send the following data to the server (using a telnet on port 80):

OPTIONS * HTTP/1.1\r\n
Host: ...\r\n
Upgrade: TLS/1.0\r\n
Connection: Upgrade\r\n
\r\n

I got "HTTP/1.1 200 Ok\r\n..." response instead of "HTTP/1.1 101 Switching
Protocols\r\n".  I start to wonder if apache actually supports this... As
https works fine, I think my openssl/mod_ssl config is up and running.

It sounds like a dummy question to me but I walk through the docs without
the response.

Thanks in advance,

Adrien Felon

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 01/09/2003

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
(Continue reading)


Gmane