[ANNOUNCE] mod_ssl 2.8.16 for Apache 1.3.29

Apache 1.3.29 was released a few days ago. Although mod_ssl 2.8.15 would
still work fine with it, as usual, I take this new Apache release as the
trigger for releasing a corresponding mod_ssl version -- which is again
100% aligned to Apache 1.3.29 and also includes a few bugfixes which
were pending in my maintainance queue (see CHANGES entries below).

Fetch mod_ssl 2.8.16 from:

o http://www.modssl.org/source/
o  ftp://ftp.modssl.org/source/

Yours,
                                       Ralf S. Engelschall
                                       rse <at> engelschall.com
                                       www.engelschall.com

  Changes with mod_ssl 2.8.16 (18-Jul-2003 to 01-Nov-2003)

   *) Upgraded to Apache 1.3.29

   *) Avoid memory corruption in certificate handling caused by a heap
      memory double-freeing situation.

   *) Allow "HTTPS" variable to be passed through by suEXEC.

   *) Clear the OpenSSL error code in pass phrase reading code to
      workaround the following situation: multiple keys, all with
      different passphrases -- entering the correct pass phrase at each
      prompt leads to an OpenSSL error message after the last prompt.

Apache 1.3.29 and 2.0.48 with SSL binaries for Windows

I have just finished building the new Apache binaries for Windows.

Apache 1.3.29 with mod_ssl and openssl  
Apache 2.0.48 with mod_ssl (built-in), openssl and zlib

Only the newest files can be found here... 
http://hunter.campbus.com/

MD5's, and all previous builds can be found here...
http://tor.ath.cx/~hunter/apache/

In addition to OpenSSL (made with MASM) I also added zlib to build
mod_deflate.so in Apache 2.0.47-48 for those who are interested in using
it - it is not configured, just like the mod_ssl.so.

Note: some configuration is required.

I build to c:\apache so if you use the same directory your configuration
effort will be less, unless of course you are upgrading. Be careful
though, Apache 1.3.xx conf is different from Apache 2.0.xx, and very
early versions of Apache2 had differences with the latest versions.  

To install Apache (2.0.xx), follow these simple steps. 
(Apache 1.3.xx is similar but different)

1. create a directory (c:\apache) or if you are upgrading, save your
httpd.conf or it could be overwritten.

2. unzip the binaries into this directory - make certain you created the
sub-dirs.

Client Variables

The SSL_CLIENT_* variables are not appearing in my environment. My web
host insists it's something my CGI needs to do to request this
information from the client, but that doesn't make sense to me. I
obtained a certificate from Thawte and installed it in my browser, but
that doesn't make a difference. Is there something else I need to do?
Is there something my host needs to do?

--

-- 
Alan Little
Holotech Enterprises

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Re: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows

Attempting to make my own cert on my Win32 system at work it appears I'm
missing the OpenSSL configuration file - see error below.

I've built OpenSSL under Solaris before but my Sun is not up at the moment
to get the file from - anyone have a configuration file example?

C:\Apache\bin>openssl req -new -key server.key -out server.csr
Unable to load config info
Enter pass phrase for server.key:
unable to find 'distinguished_name' in config
problems making Certificate Request
672:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or
envir
onment variable:.\crypto\conf\conf_lib.c:325:

Thanks,

Don Woodward

----- Original Message ----- 
From: "hunter" <theantigod <at> sympatico.ca>
To: <users <at> httpd.apache.org>
Cc: <modssl-users <at> modssl.org>
Sent: Saturday, November 01, 2003 20:48
Subject: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows

I have just finished building the new Apache binaries for Windows.

Apache 1.3.29 with mod_ssl and openssl
Apache 2.0.48 with mod_ssl (built-in), openssl and zlib

Your Contact Info

[moderator-request] Re: Your Contact Info

Will the moderator(s) be so kind as to killfile this user?   Thanks, we 
get enough spam without it bypassing internal filters for important 
listservs like modssl-users.

Kind Regards,
-dsp

On Tuesday, Nov 4, 2003, at 10:53 US/Eastern, Kevin Klawon wrote:

<image.tiff>
>
> <Kevin Klawon.vcf>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Distinghished Name of X509 depend on version of ModSSL ?

Hello

I want to extract the Distinghished Name of a X509 certificat for 
checking the access of my  HTTP server (see FakeBasicAuthentification)

with the new version of openssl I have the following result :
/usr/local/openssl-0.9.7c/apps/openssl x509 -noout -subject -in 
/home/apache/htdocs/dess/intranetSTIC/UPS836-2003-2004.pem
subject= /C=FR/O=CNRS/OU=UPS836/CN=Xavier 
Jeannin/emailAddress=Xavier.Jeannin <at> urec.cnrs.fr
with the old version of openssl of Redhat I have the following result :
  /usr/bin/openssl x509 -noout -subject -in 
/home/apache/htdocs/dess/intranetSTIC/UPS836-2003-2004.pem
subject= /C=FR/O=CNRS/OU=UPS836/CN=Xavier 
Jeannin/Email=Xavier.Jeannin <at> urec.cnrs.fr

As Apache uses the DN to select the access on directory, my user cannot 
access to my server because DN does not match anymore DN in password file.
the solution could be to change my files password file (htpasswd) but I 
have lot of this kind of file
Is there any way to change the result of openssl command by 
configuration at runtime or at compilation ?

thank you
--xj

--

-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : jeannin <at> urec.cnrs.fr

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Re: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows

I found a copy and got it working.

Don Woodward

----- Original Message ----- 
From: "Don Woodward" <dbwoodw <at> alltel.net>
To: <modssl-users <at> modssl.org>
Sent: Monday, November 03, 2003 19:24
Subject: Re: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows

Attempting to make my own cert on my Win32 system at work it appears I'm
missing the OpenSSL configuration file - see error below.

I've built OpenSSL under Solaris before but my Sun is not up at the moment
to get the file from - anyone have a configuration file example?

C:\Apache\bin>openssl req -new -key server.key -out server.csr
Unable to load config info
Enter pass phrase for server.key:
unable to find 'distinguished_name' in config
problems making Certificate Request
672:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or
envir
onment variable:.\crypto\conf\conf_lib.c:325:

Thanks,

Don Woodward

----- Original Message ----- 
From: "hunter" <theantigod <at> sympatico.ca>
To: <users <at> httpd.apache.org>
Cc: <modssl-users <at> modssl.org>
Sent: Saturday, November 01, 2003 20:48
Subject: Apache 1.3.29 and 2.0.48 with SSL binaries for Windows

I have just finished building the new Apache binaries for Windows.

Apache 1.3.29 with mod_ssl and openssl
Apache 2.0.48 with mod_ssl (built-in), openssl and zlib

Only the newest files can be found here...
http://hunter.campbus.com/

MD5's, and all previous builds can be found here...
http://tor.ath.cx/~hunter/apache/

In addition to OpenSSL (made with MASM) I also added zlib to build
mod_deflate.so in Apache 2.0.47-48 for those who are interested in using
it - it is not configured, just like the mod_ssl.so.

Note: some configuration is required.

I build to c:\apache so if you use the same directory your configuration
effort will be less, unless of course you are upgrading. Be careful
though, Apache 1.3.xx conf is different from Apache 2.0.xx, and very
early versions of Apache2 had differences with the latest versions.

To install Apache (2.0.xx), follow these simple steps.
(Apache 1.3.xx is similar but different)

1. create a directory (c:\apache) or if you are upgrading, save your
httpd.conf or it could be overwritten.

2. unzip the binaries into this directory - make certain you created the
sub-dirs.

3. go to the conf directory and edit httpd.conf or replace the
httpd.conf with the one you saved.

4. go to the 'bin' directory in a console.

Type the following commands:

- if you are already installed, type 'apache -k uninstall'
- then type 'apache -k install'
- then type 'apache -k start'

Check the error logs if it fails to start, but some configuration errors
will be displayed in your console. Apache also logs to the event log.

If you detect flaws in the build please email me so that I can fix them
as soon as possible. I don't use these binaries so I need you to tell me
if there is something wrong with them. I build a branded version in my
workplace and use Apache2 on Debian/GNU Linux at home.

Configuration questions should be directed to the list after reading the
documentation and searching the list archives - let everyone benefit
from the answers you get.

Chris Lewis

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Providers of hardware key storage

Hello,

I have spent several hours searching the mailing list archive looking for
hardware key storage solutions compatible with mod_ssl.  NCipher provides
one.  Are there any others?  I saw several emails mentioning the existence
of others, but nothing concrete.  One email mentioned Broadcom in addition
to NCipher, but Broadcom sells chips, and I'm looking for a PCI card.  I
have concacted several manufacturers of SSL accelerators but haven't been
able to get any answers concerning key storage except from NCipher.

Thanks for any help,

Francisco

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

mod_ssl and Sun Crypto Card

I have a SunFire system that has a Sun Crypto Card 1000 pre-installed.  The
mod_ssl came with the card only supports apache 1.3.12 or apache 1.3.22.
How to configure and compile the mod_ssl so that it can support the Crypto
card?  - Thanks in advance

- Ming Yu
- Johns Hopkins Univ. APL

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org