mod_ssl-2.8.8-1.3.24

This is a multi-part message in MIME format.
--------------3F91358AE6E065A519A1D613
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Running make in apache 1.3.24 gave a compile-error in
apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
The compiler pointed at the line:
{ "UID", NID_uniqueIdentifier },

at the struct listed below.
I could not see, how to cure. Therefore I applied "..." and it
worked.
Can somebody tell me the correct cure?
(linux-2.2.17, apache-1.3.24, mod_ssl-2.8.8-1.3.24,
openssl-0.9.7-beta1)

Please mail me direct.
Thanks a lot.

Ekk.



static const struct {
char *name;
int nid;
} ssl_var_lookup_ssl_cert_dn_rec[] = {
{ "C", NID_countryName },
{ "ST", NID_stateOrProvinceName }, /* officially (RFC2156)
*/
{ "SP", NID_stateOrProvinceName }, /* compatibility (SSLeay)
*/
{ "L", NID_localityName },
{ "O", NID_organizationName },
{ "OU", NID_organizationalUnitName },
{ "CN", NID_commonName },
{ "T", NID_title },
{ "I", NID_initials },
{ "G", NID_givenName },
{ "S", NID_surname },
{ "D", NID_description },
{ "UID", "NID_uniqueIdentifier" }, /*Ekk :...mit "" bei NID_
gehts, aber .....,!!!! */
{ "Email", NID_pkcs9_emailAddress },
{ NULL, 0 }
};


--------------3F91358AE6E065A519A1D613
Content-Type: text/x-vcard; charset=us-ascii;
name="ell.vcf"
Content-Description: Card for Ekkehard Ellmann LRT1
Content-Disposition: attachment;
filename="ell.vcf"
Content-Transfer-Encoding: 7bit

begin:vcard
n:Ellmann;Ekkehard
tel;cell:+49 172 2874295
x-mozilla-html:FALSE
org:UniBw-München;LRT 1
version:2.1
email;internet:ell@i01p01.lrt.unibw-muenchen.de
title:Dipl.-Math.
adr;quoted-printable:;;Ekkehard Ellmann LRT 1/UniBwM;Neubiberg;;85577;Germany
x-mozilla-cpt:;26400
fn:Ekkehard Ellmann
end:vcard

--------------3F91358AE6E065A519A1D613--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

On Mon, 3 Jun 2002, Ekkehard Ellmann LRT1 wrote:

> Running make in apache 1.3.24 gave a compile-error in
> apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
> The compiler pointed at the line:
> { "UID", NID_uniqueIdentifier },
>
> (linux-2.2.17, apache-1.3.24, mod_ssl-2.8.8-1.3.24,
> openssl-0.9.7-beta1)

Many changes have occurred between OpenSSL 0.9.6 and 0.9.7. mod_ssl is
unlikely to work with 0.9.7 at the moment, even if this were fixed. Stick
with 0.9.6 for now.

--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

Hi,

On Mon, 3 Jun 2002, Cliff Woolley wrote:

> On Mon, 3 Jun 2002, Ekkehard Ellmann LRT1 wrote:
>
> > Running make in apache 1.3.24 gave a compile-error in
> > apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
> > The compiler pointed at the line:
> > { "UID", NID_uniqueIdentifier },
> >
> > (linux-2.2.17, apache-1.3.24, mod_ssl-2.8.8-1.3.24,
> > openssl-0.9.7-beta1)
>
> Many changes have occurred between OpenSSL 0.9.6 and 0.9.7. mod_ssl is
> unlikely to work with 0.9.7 at the moment, even if this were fixed. Stick
> with 0.9.6 for now.

Ummm ... I had generally been using 0.9.7-dev CVS with mod_ssl without any
great grief for some time. I would go so far as to guess what the problem
is ... modssl's (auto)configuration script does a couple of regexp checks
on the openssl version to tweak building. I remember thinking the choice
of filtering was odd, and it's quite possible that the version being
interpreted from the beta release is confusing the config checks.

At a guess, the UID issue is probably one where Ralf has a fallback
implementation in modssl for older versions of openssl that didn't have
it. Was the compiler/linker warning about conflicting definitions between
openssl libs and modssl? If so, try checking out the "configure" script
where it attempts to parse the openssl version. I can't look at this right
now but if you can't get it sorted feel free to mail me back in a day or
two and perhaps I will have time. Basically you'd want modssl to convince
itself that the beta is the same sort of thing as "0.9.7-dev".

OTOH: It might be something else different altogether :-)

Cheers,
Geoff

--
Geoff Thorpe, geoff(at)geoffthorpe(dot)net

2000 years on, it's a different empire but the same
zealots and the same attrocities.


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

On Mon, 3 Jun 2002, Geoff Thorpe wrote:

> Ummm ... I had generally been using 0.9.7-dev CVS with mod_ssl without any
> great grief for some time.

Hm. Okay, well, you're luckier than the httpd committer who tried it.
:) At least with Apache 2.0, many things have been rumored to break under
the stock mod_ssl with OpenSSL 0.9.7-dev. YMMV. Of course my
recommendation to stick with 0.9.6 for now stands. :)



--Cliff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

On Mon, Jun 03, 2002 at 04:24:43PM -0400, Geoff Thorpe wrote:
> On Mon, 3 Jun 2002, Cliff Woolley wrote:
>
> > On Mon, 3 Jun 2002, Ekkehard Ellmann LRT1 wrote:
> >
> > > Running make in apache 1.3.24 gave a compile-error in
> > > apache_1.3.24/src/modules/ssl/ssl_engine_vars.c
> > > The compiler pointed at the line:
> > > { "UID", NID_uniqueIdentifier },
> > >
> > > (linux-2.2.17, apache-1.3.24, mod_ssl-2.8.8-1.3.24,
> > > openssl-0.9.7-beta1)
> >
> > Many changes have occurred between OpenSSL 0.9.6 and 0.9.7. mod_ssl is
> > unlikely to work with 0.9.7 at the moment, even if this were fixed. Stick
> > with 0.9.6 for now.

> At a guess, the UID issue is probably one where Ralf has a fallback
> implementation in modssl for older versions of openssl that didn't have
> it. Was the compiler/linker warning about conflicting definitions between
> openssl libs and modssl? If so, try checking out the "configure" script
> where it attempts to parse the openssl version. I can't look at this right
> now but if you can't get it sorted feel free to mail me back in a day or
> two and perhaps I will have time. Basically you'd want modssl to convince
> itself that the beta is the same sort of thing as "0.9.7-dev".

The UID thing was only changed recently in the 0.9.7 tree, and (without
checking) would guess that it was even made after the last release of
mod_ssl, so I would not be sure it is already covered.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

On Mon, Jun 03, 2002 at 05:31:35PM -0400, Cliff Woolley wrote:
> On Mon, 3 Jun 2002, Geoff Thorpe wrote:
>
> > Ummm ... I had generally been using 0.9.7-dev CVS with mod_ssl without any
> > great grief for some time.
>
> Hm. Okay, well, you're luckier than the httpd committer who tried it.
> :) At least with Apache 2.0, many things have been rumored to break under
> the stock mod_ssl with OpenSSL 0.9.7-dev. YMMV. Of course my
> recommendation to stick with 0.9.6 for now stands. :)

I don't care for rumores. The API of 0.9.7 is more or less unchanged.
However: mod_ssl tends to work around the existing API and directly
access internal structures and I am afraid that the Apache 2.0 version
might stick to this tradition.
In any case: OpenSSL 0.9.7 is now in beta and we need to find out these
issues. I don't have an Apache 2.0 installation seen, yet...
The mod_ssl for Apache 2.0 developers are thus strongly encouraged to
test and report, so that the issues can be sorted out.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

Hi,

On Tue, 4 Jun 2002, Lutz Jaenicke wrote:

> The UID thing was only changed recently in the 0.9.7 tree, and (without
> checking) would guess that it was even made after the last release of
> mod_ssl, so I would not be sure it is already covered.

Ah, thanks for clarifying Lutz. Unfortunately, the original poster did not
include any information about *how* the compilation was breaking on the
"UID" line of code, so I'll now go back into hibernation ...

Cheers,
Geoff


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: mod_ssl-2.8.8-1.3.24

On Tue, Jun 04, 2002 at 04:26:00PM -0400, Geoff Thorpe wrote:
> On Tue, 4 Jun 2002, Lutz Jaenicke wrote:
>
> > The UID thing was only changed recently in the 0.9.7 tree, and (without
> > checking) would guess that it was even made after the last release of
> > mod_ssl, so I would not be sure it is already covered.
>
> Ah, thanks for clarifying Lutz. Unfortunately, the original poster did not
> include any information about *how* the compilation was breaking on the
> "UID" line of code, so I'll now go back into hibernation ...

Due to a naming clash with the LDAP RFC, UniqueIdentifier was renamed to
the correct value X509UniqueIdentifier, therefore the NID_UniqueIdentifier
macro was also renamed and now is no longer available.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org