Malformed multipart POST

Hello !

I use Apache/1.3.31 (Unix) mod_perl/1.28 mod_ssl/2.8.17 OpenSSL/
0.9.6i on 4.7-RELEASE-p23 in HTTPS mode.

and occasionally get errors
[Mon May 31 16:23:31 2004] [error] Malformed multipart POST\n
[Mon May 31 16:23:56 2004] [error] Malformed multipart POST\n
...
[Tue Jun  1 13:49:33 2004] [error] Malformed multipart POST\n

- users, which make requests in such situations fail to get
response from web-server.

This mistake raise occasionally, when users repeat his request,
usually apache process second request without any requests.
Furthermore, one client working with the same parameters, the
same browser etc. can get errors, but usually he will not get
any errors when repeat request identically.

I don't know is this mistake mod_ssl-specific or common for
non-https environment also.

Please point me to change configuration of apache.conf to
dissmiss this error. Thanks a lot for any information.

P.S. Please CC-copy answer to my email rusland <at> scn.ru .

--

-- 
 best regards,

Hidden message

Self-signed cert trouble - please help

Hi,

I've successfully made many self-signed certificates for Apache in the
past using the docs from the modssl and openssl websites.  This time, I'm
completely stumped and I've searched all over the Internet without finding
an answer that helps.  I'm getting this error message in my Apache logs:

[Thu Jun  3 09:00:11 2004] [error] OpenSSL: error:14094412:SSL 
routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in 
certificate not server name or identical to CA!?]

The problem is that my cert CN is NOT identical to the CA CN and my CN
DOES match the server name.  I'm trying to access my site at
https://www.lotspeich.org/.  Here's my Apache config:

<VirtualHost 209.79.149.250:443>
ServerAdmin erik <at> lotspeich.org
DocumentRoot /home/httpd/html
ServerName www.lotspeich.org
ServerAlias www lotspeich.org localhost
DirectoryIndex index.epl index.shtml index.html
<IfModule mod_ssl.c>
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   built time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/certs/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/certs/server.key

SSLCACertificateFile /etc/httpd/conf/certs/ca.crt
</IfModule>
</VirtualHost>

Here's the information about my certificate:

[shrimp: /etc/httpd/conf/certs] root $ openssl x509 -noout -text -in
server.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=California, L=Sunnyvale, CN=Erik 
Lotspeich/emailAddress=erik <at> lotspeich.org
        Validity
            Not Before: Jun  3 15:49:51 2004 GMT
            Not After : Jun  3 15:49:51 2005 GMT
        Subject: C=US, ST=California, L=Sunnyvale, 
CN=www.lotspeich.org/emailAddress=erik <at>      
lotspeich.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:da:c6:4a:02:23:38:c0:ba:44:00:20:30:47:bf:
                    22:54:20:77:0d:a0:b7:e5:66:9b:51:04:5a:94:92:
                    a2:dc:ed:01:b5:15:ab:7f:ca:37:f7:34:97:97:41:
                    08:3b:fa:3c:d4:71:c7:01:3b:1c:03:a5:4c:e6:4e:
                    15:42:b9:cd:cd:9c:5c:6d:75:b7:42:0c:11:3c:39:
                    94:b3:2a:ac:40:45:c6:c3:2b:f2:e1:4f:5c:5c:fa:
                    e1:5e:4b:12:1a:59:cb:0f:36:ea:57:78:8a:ec:4e:
                    46:03:19:0b:29:71:7d:fb:f8:97:92:9c:e3:a0:fa:
                    69:05:02:24:a7:32:77:77:a9
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        3b:a1:ae:b7:ac:75:8d:54:68:2e:25:03:30:af:db:26:82:33:
        4c:1e:89:fb:cd:03:5f:c3:0e:0d:87:c4:c9:88:57:3a:16:b6:
        af:19:d9:8d:2d:89:c9:c5:40:b9:72:f3:63:44:a4:bf:10:29:
        90:0b:c7:78:44:c6:73:30:b2:67:49:3b:79:a1:05:50:27:7c:

I tried to follow all of the documentation for making my own CA, CSR, and 
signing my certificate.  I used the following commands in this order:

/usr/local/ssl/misc/CA.sh -newca
openssl genrsa server.key 1024
openssl req -new -key server.key -out server.csr
cp demoCA/cacert.pem ca.crt
cp demoCA/cakey.pem ca.key
/usr/src/compile/mod_ssl-2.8.18-1.3.31/pkg.contrib/sign.sh server.csr

Am I missing something simple here?  Any help would be greatly 
appreciated.  My Apache server's version string is this:

Apache/1.3.27 (Unix) PHP/4.3.4 mod_ssl/2.8.11 OpenSSL/0.9.6g mod_perl/1.27

I'm creating the certificates with OpenSSL 0.9.7d.

Thanks in advance,

Erik.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Transmit string

Dear Ralf S. Engelschall and other developers, I have problem.
Help me solve a problem, very need.

It is necessary read a line of the text (additional information on the user) in the module mod_ssl
and to transfer it in the module openssl.
Reading of a line to make in the mod_ssl: file: ssl_engine_pphrase.c; function: ssl_pphrase_Handle
and to transfer in the openssl: file: s3_srvr.c; function: ssl3_accept.

Apache 2.0.49 - Openssl0.9.6m

I make approximately as below:
//------mod_ssl.h------//
typedef struct {
    pid_t           pid;
    apr_pool_t     *pPool;
.....
    char	*szinf; //!!! <- Add
.....
    struct {
        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
    } rCtx;
} SSLModConfigRec;

//-----ssl_engine_pphrase.c----//
void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
{
.....
    mc->szinf = apr_palloc(p,sizeof(char *) * 100);
    char *buf = apr_palloc(p, sizeof(char *) * 100);
    apr_file_open_stdout(&writetty, p);
    i = EVP_read_pw_string(buf, bufsize, "", FALSE);
    apr_cpystrn(mc->szinf,buf,strlen(buf)+1);
    //mc->inf - contain reading string
.....
}

//-----ssl_engine_init.c----//
static int ssl_server_import_key(server_rec *s, modssl_ctx_t *mctx, const char *id, int idx)
{
.....
apr_cpystrn(mctx->ssl_ctx->infO, mc->szinf,strlen(mc->szinf)+1); // <- copy string to struct ssl_ctx
.....
}

//-----ssl.h-----//
struct ssl_ctx_st
{
	char infO[100];    // <- string to openssl
	SSL_METHOD *method;
	unsigned long options;
	unsigned long mode;
.....
}

//-----s3_srvr.c-----//
int ssl3_accept(SSL *s)
{
   char *buf = s->ctx->infO; //NULL string !!!!! AND NEED GET inf from ssl_pphrase_Handle
.....
}

Seems, struct SSL_CTX clearing after fork process, this so?
And How can save string after fork process?
Suggest to me idea.

Thanks.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Certificate Problems

RE: Certificate Problems

Plain text please...

If you got an error in the ssl error-log then apache must be running.
The invalid method error is exactly that - the HTTP method wasn't GET,
POST etc... What request were you making when you got the error?
Cross-check the access log for details...

It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.

The DNS error means that he browser cannot resolve eghapp to an IP
address while curl, apparently, can. No idea why - depends on OS,
browser version, config etc. (eg, if the browser goes via a proxy, the
proxy will not see a local /etc/hosts definition of eghapp). 

Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache
1.3 or 2 etc.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est
un message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.

-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS <at> mobius.com]
Sent: Mittwoch, 16. Juni 2004 11:07
To: 'modssl-users <at> modssl.org'
Subject: Certificate Problems

I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' I don't appear to
get an error message. However when trying to start apache using the
startssl switch the following error turns up in the ssl_error_log
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?) 
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?) 
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?
[Tue Jun 15 15:26:34 2004] [error] [client 10.14.1.150] Invalid method
in request 
I have also been able to successfully run the command 'curl
https://eghapp'. However when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking the nothing gets written to any of the ssl log files.
Does anyone know how I can resolve this? 
Thanks 
Richard Skeggs 
Software Engineer 
Mobius Management Systems 
Cavendish House 
5 The Avenue 
Egham 
Surrey 
TW20 9AB 
Tel: +44 (0) 1784 484700 
Mobile: + 44 (0) 7971 608315 
email: rskeggs <at> mobius.com

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

FW: Certificate Problems

Thanks for the response, to explain abit more the error I see in the log
file only get written when I start apache using apachactl startssl the
message written to ssl_error_log is:

[Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:48 2004]
[warn] RSA server certificate CommonName (CN) `localhost.localdomain' does
NOT match server name!? [Wed Jun 16 10:59:50 2004] [warn] RSA server
certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun
16 10:59:50 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?

As for the the request I was making it was to simply get the home page of
eghapp

Using the url http://eghapp:8000 through my browser I get to view the home
page of eghapp

However https://eghapp:8000 I get the following log message  from
error_log: [Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid
method in request!L!!  From access_log: 10.14.2.8 - -
[16/Jun/2004:11:07:38 +0100] " L" 501 1007 Nothing gets written to the ssl
message files. The browser returns

Cannot find server or DNS Error
Internet Explorer

I am trying to install ssl on the eghapp server which is a RedHat9 linux
box. An extract from the hosts file on eghapp is:

127.0.0.1               localhost loghost
10.14.1.150             eghapp

An extract from the httpd.conf file is shown below
Listen 8000
NameVirtualHost 10.14.1.150

<VirtualHost 10.14.1.150>
    ProxyPass /esav http://eghsnap1:8081/esav
    ProxyPassReverse /esav http://eghsnap1:8081/esav
    ProxyPass /ddrint http://eghsnap2:8081/ddrint
    ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint
    ProxyPass /vnc http://eghsnap1:80/vnc
    ProxyPassReverse /vnc http://eghsnap1:80/vnc
    ServerAdmin webmaster <at> mobius.com
    DocumentRoot /var/www/html
    ServerName eghapp
    ErrorLog logs/error_log
    CustomLog logs/access_log common
#</VirtualHost>

SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.csr
SSLCertificateKeyFile /etc/httpd/server.key
</VirtualHost>

For your information I am running
   Apache 2.0.4.0
   IE 6.0.2

Richard

-----Original Message-----
From: owner-modssl-users <at> modssl.org [mailto:owner-modssl-users <at> modssl.org]
On Behalf Of Boyle Owen
Sent: 16 June 2004 10:20
To: modssl-users <at> modssl.org
Subject: RE: Certificate Problems

Plain text please...

If you got an error in the ssl error-log then apache must be running. The
invalid method error is exactly that - the HTTP method wasn't GET, POST
etc... What request were you making when you got the error? Cross-check
the access log for details...

It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.

The DNS error means that he browser cannot resolve eghapp to an IP address
while curl, apparently, can. No idea why - depends on OS, browser version,
config etc. (eg, if the browser goes via a proxy, the proxy will not see a
local /etc/hosts definition of eghapp).

Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache 1.3
or 2 etc.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est un
message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.

-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS <at> mobius.com]
Sent: Mittwoch, 16. Juni 2004 11:07
To: 'modssl-users <at> modssl.org'
Subject: Certificate Problems

I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get
an error message. However when trying to start apache using the startssl
switch the following error turns up in the ssl_error_log [Tue Jun 15
15:11:04 2004] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07
2004] [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA == TRUE !?)
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34
2004] [error] [client 10.14.1.150] Invalid method in request
I have also been able to successfully run the command 'curl
https://eghapp'. However when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking the nothing gets written to any of the ssl log files. Does anyone
know how I can resolve this?
Thanks
Richard Skeggs
Software Engineer
Mobius Management Systems
Cavendish House
5 The Avenue
Egham
Surrey
TW20 9AB
Tel: +44 (0) 1784 484700
Mobile: + 44 (0) 7971 608315
email: rskeggs <at> mobius.com

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorised to state them to be the views of the sender's
company.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

[Fwd: FW: Certificate Problems]

Thanks for the response, to explain abit more the error I see in the log
file only get written when I start apache using apachactl startssl the
message written to ssl_error_log is:

[Wed Jun 16 10:59:48 2004] [warn] RSA server certificate is a CA
certificate (BasicConstraints: CA == TRUE !?) [Wed Jun 16 10:59:48 2004]
[warn] RSA server certificate CommonName (CN) `localhost.localdomain' does
NOT match server name!? [Wed Jun 16 10:59:50 2004] [warn] RSA server
certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed Jun
16 10:59:50 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!?

As for the the request I was making it was to simply get the home page of
eghapp

Using the url http://eghapp:8000 through my browser I get to view the home
page of eghapp

However https://eghapp:8000 I get the following log message  from
error_log: [Wed Jun 16 11:08:05 2004] [error] [client 10.14.2.8] Invalid
method in request!L!!  From access_log: 10.14.2.8 - -
[16/Jun/2004:11:07:38 +0100] " L" 501 1007 Nothing gets written to the ssl
message files. The browser returns

Cannot find server or DNS Error
Internet Explorer

I am trying to install ssl on the eghapp server which is a RedHat9 linux
box. An extract from the hosts file on eghapp is:

127.0.0.1               localhost loghost
10.14.1.150             eghapp

An extract from the httpd.conf file is shown below
Listen 8000
NameVirtualHost 10.14.1.150

<VirtualHost 10.14.1.150>
    ProxyPass /esav http://eghsnap1:8081/esav
    ProxyPassReverse /esav http://eghsnap1:8081/esav
    ProxyPass /ddrint http://eghsnap2:8081/ddrint
    ProxyPassReverse /ddrint http://eghsnap2:8081/ddrint
    ProxyPass /vnc http://eghsnap1:80/vnc
    ProxyPassReverse /vnc http://eghsnap1:80/vnc
    ServerAdmin webmaster <at> mobius.com
    DocumentRoot /var/www/html
    ServerName eghapp
    ErrorLog logs/error_log
    CustomLog logs/access_log common
#</VirtualHost>

SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
SSLCertificateFile /etc/httpd/server.csr
SSLCertificateKeyFile /etc/httpd/server.key
</VirtualHost>

For your information I am running
   Apache 2.0.4.0
   IE 6.0.2

Richard

-----Original Message-----
From: owner-modssl-users <at> modssl.org [mailto:owner-modssl-users <at> modssl.org]
On Behalf Of Boyle Owen
Sent: 16 June 2004 10:20
To: modssl-users <at> modssl.org
Subject: RE: Certificate Problems

Plain text please...

If you got an error in the ssl error-log then apache must be running. The
invalid method error is exactly that - the HTTP method wasn't GET, POST
etc... What request were you making when you got the error? Cross-check
the access log for details...

It looks like your certificate common name is localhost.localdomain and
this doesn't match the ServerName argument which is what the warning is
about.

The DNS error means that he browser cannot resolve eghapp to an IP address
while curl, apparently, can. No idea why - depends on OS, browser version,
config etc. (eg, if the browser goes via a proxy, the proxy will not see a
local /etc/hosts definition of eghapp).

Tip: if you post back, cut'n'paste exact error messages - do not
paraphrase as this loses important information. Also, give OS, apache 1.3
or 2 etc.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est un
message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.

-----Original Message-----
From: Richard Skeggs [mailto:RSKEGGS <at> mobius.com]
Sent: Mittwoch, 16. Juni 2004 11:07
To: 'modssl-users <at> modssl.org'
Subject: Certificate Problems

I am trying to set up ssl on my server and I have been through what I
believe are the correct settings. I can run the command line script
'openssl s_client -connect eghapp:443 -state -debug' I don't appear to get
an error message. However when trying to start apache using the startssl
switch the following error turns up in the ssl_error_log [Tue Jun 15
15:11:04 2004] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Tue Jun 15 15:11:04 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:11:07
2004] [warn] RSA server certificate is a CA certificate (BasicConstraints:
CA == TRUE !?)
[Tue Jun 15 15:11:07 2004] [warn] RSA server certificate CommonName (CN)
`localhost.localdomain' does NOT match server name!? [Tue Jun 15 15:26:34
2004] [error] [client 10.14.1.150] Invalid method in request
I have also been able to successfully run the command 'curl
https://eghapp'. However when I try to run 'https://eghapp' through the
browser I get an error saying that the DNS server cannot be found. On
checking the nothing gets written to any of the ssl log files. Does anyone
know how I can resolve this?
Thanks
Richard Skeggs
Software Engineer
Mobius Management Systems
Cavendish House
5 The Avenue
Egham
Surrey
TW20 9AB
Tel: +44 (0) 1784 484700
Mobile: + 44 (0) 7971 608315
email: rskeggs <at> mobius.com

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorised to state them to be the views of the sender's
company.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Again: "License" of ca-bundle.crt

Hello,

I am packaging sole ca-bundle.crt for Fink.
http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256

Fink package system has "License" field. I must fill it. What is the
"license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
"license"?

I sent before but no response except "vacation". Before clarifying it
I can't take any action.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org

Re: Again: "License" of ca-bundle.crt

On Thu, Jun 17, 2004 at 05:09:31AM +0900, AIDA Shinra wrote:
> Hello,
> 
> I am packaging sole ca-bundle.crt for Fink.
> http://sourceforge.net/tracker/index.php?func=detail&aid=928157&group_id=17203&atid=414256
> 
> Fink package system has "License" field. I must fill it. What is the
> "license" of sole ca-bundle.crt? Mod_ssl license? Or nothing like
> "license"?

It's a tricky legal question, I think.

The original source of the ca-bundle.crt was a database shipped with the
Netscape browser.  It's possible to derive a new ca-bundle.crt from the
Mozilla source code, which is what Debian do in their ca-certificates
package.  Debian say that the resultant CA certificate bundle is
licensed under the MPL, as its source in Mozilla is.

But can a database be copyrighted?  Can a database made up of copies of
necessarily-public CA certificates published by third parties be
copyrighted?  It is somewhat lacking in "originality", which is one of
the requirements for US copyright law to apply, at least.

You may be better of asking a lawyer, unfortunately!

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users <at> modssl.org
Automated List Manager                            majordomo <at> modssl.org