Problem with SSL
am 18.06.2002 00:10:56 von Gilles GROS
We have since quite a time error in our logs about SSL Handshake.
I am trying to find where does that is coming from.
The trace in the logs is :
httpd_error_log:
----------------
[Mon Jun 17 05:23:48 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Mon Jun 17 05:23:48 2002] [error] System: Connection reset by peer (errno:
104)
ssl_engine_log:
---------------
[17/Jun/2002 05:23:48 01476] [info] Connection to child 8 established
(server www.whitepj.net:443, client 216.116.163.57)
[17/Jun/2002 05:23:48 01476] [info] Seeding PRNG with 23177 bytes of
entropy
[17/Jun/2002 05:23:48 01476] [trace] OpenSSL: Handshake: start
[17/Jun/2002 05:23:48 01476] [trace] OpenSSL: Loop: before/accept
initialization
[17/Jun/2002 05:23:48 01476] [trace] OpenSSL: Exit: error in SSLv2/v3 read
client hello A
[17/Jun/2002 05:23:48 01476] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[17/Jun/2002 05:23:48 01476] [error] System: Connection reset by peer
(errno: 104)
It there a way to know what URL is accessed.
It looks like there is no entry in the access_log at that time.
Thanks.
Gilles.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Réf. : RE: Problem with ssl
am 24.07.2002 09:17:18 von abdel.ramli
Hi Fred,
That's exactly what I meant by patched (as we may consider that mod_ssl is
not more than a patch applied to Apache source to modify it.
I just keep getting that error.
Please, help if you can.
Thanx
"Frederic DONNAT"
encod.com> cc :
Objet : RE: Problem with ssl
23/07/2002 18:45
Hi Abdel
What do you mean by "patched"?
The classic way is :
[root]# cd mod_ssl-2.8.10-1.3.26
[root]# ./configure --prefix=/path_where_to_install_apache \
--with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
[root]# cd /path_to_apache_src
[root]# make
[root]# make install
That's for a dynamic build.
Type the following command line before for a static one:
export LDFLAGS="-ldl"
Be sure to have the rigth openssl installed.
Hope it will help
Fred
-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Tue 07/23/2002 5:06 PM
To: modssl-users@modssl.org
Cc: owner-modssl-users@modssl.org
Subject: Problem with ssl
*Hi all
I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26
I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)
which is :
------------------------------------------------------------ --------------------------------------
* identify the module to SCCS `what' and RCS `ident' commands
*/
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[] = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
------------------------------------------------------------ --------------------------------------
Just followed many procedures and the error remain the same.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
RE: Réf. : RE: Problem with ssl
am 24.07.2002 21:47:06 von coates.carter
Abdel,
What is the error message? You wrote that the error was on line 76 of
mod_ssl.c, but I don't believe you mentioned the error message itself. I've
just installed mod_ssl on apache on RedHat 7.2, all the same versions as
you. I didn't have any errors or problems. I chose to use the latest
openssl, which added a few more lines of work form me. I've included for
you my notes from my installation. Good luck.
Coates Carter
University of Richmond
#OPENSSL- REMOVE OLD RPM AND INSTALL LATEST TARBALL
rpm -e --repackage --nodeps openssl
cd /usr/local/src
gzip -dc openssl-0.9.6d.tar.gz |tar xvf -
cd /usr/local/src/openssl-0.9.6d
more INSTALL
../config shared
make
make test
make install
mv /usr/lib/libssl.so /usr/lib/libssl.so.old
mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.old
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so.2
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 libssl.so.0.9.6
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so.2
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 libcrypto.so.0.9.6
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
#MM- BUILD THE SOURCE (www.engelschall.com/sw/mm)
cd /usr/local/src
gzip -dc mm-1.1.3.tar.gz|tar xvf -
cd /mm-1.1.3
../configure
make
#MOD_SSL- INSTALL NEW PATCH TO APACHE SOURCE
cd /usr/local/src
gzip -dc apache_1.3.26.tar.gz|tar xvf -
gzip -dc mod_ssl-2.8.10-1.3.26.tar.gz |tar xvf -
cd mod_ssl-2.8.10-1.3.26
../configure --with-apache=/usr/local/src/apache_1.3.26
#APACHE- INSTALL NEW TARBALL
cd /usr/local/src/apache_1.3.26
SSL_BASE=SYSTEM; EAPI_MM=../mm-1.1.3
../configure --prefix=/usr/local/apache --enable-module=ssl
--enable-shared=ssl
make
tar cvf /usr/local/apache.020724.tar /usr/local/apache
/usr/local/apache/bin/apachectl stop
#NOTE: INSTALL SSL CERTIFICATE AND KEY NOW, IF NOT ALREADY THERE
make install
/usr/local/apache/bin/apachectl startssl
#......THAT'S ALL IT TAKES......
-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Wednesday, July 24, 2002 3:17 AM
To: Frederic DONNAT
Subject: Réf. : RE: Problem with ssl
Hi Fred,
That's exactly what I meant by patched (as we may consider that mod_ssl is
not more than a patch applied to Apache source to modify it.
I just keep getting that error.
Please, help if you can.
Thanx
"Frederic DONNAT"
encod.com> cc :
Objet : RE: Problem with ssl
23/07/2002 18:45
Hi Abdel
What do you mean by "patched"?
The classic way is :
[root]# cd mod_ssl-2.8.10-1.3.26
[root]# ./configure --prefix=/path_where_to_install_apache \
--with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
[root]# cd /path_to_apache_src
[root]# make
[root]# make install
That's for a dynamic build.
Type the following command line before for a static one:
export LDFLAGS="-ldl"
Be sure to have the rigth openssl installed.
Hope it will help
Fred
-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Tue 07/23/2002 5:06 PM
To: modssl-users@modssl.org
Cc: owner-modssl-users@modssl.org
Subject: Problem with ssl
*Hi all
I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26
I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)
which is :
------------------------------------------------------------ ----------------
----------------------
* identify the module to SCCS `what' and RCS `ident' commands
*/
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[] = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
------------------------------------------------------------ ----------------
----------------------
Just followed many procedures and the error remain the same.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Réf. : RE: Réf. : RE: Problem with ssl
am 25.07.2002 09:18:37 von abdel.ramli
Hi Coates,
Concerning the error message I used to get when trying to compile mod_SSL,
I'ld like to get u posted concerning that error.
I followed the same steps than yours, Coates, and nothing worked just
because I wanted openssl & Apache to be installed into a specific
directories :
So I added a --prefix option to it, and this was sufficient to make my
Apache installation crash.
For Apache it is OK but it looks like it doesn't support openssl to be
elsewhere than in its default directory.
Anyway it seems it works Ok for now, as I
Thanx to all;
Abdel
\\\___///
\\ _ _ //
( @ @ )
+-------------------oOOo-(_)-oOOo--------------------+
Abdel RAMLI
abdel.ramli@mpsa.com
Consultant Altaïr Technologies
PSA Peugeot Citroën | site de Bessoncourt
Unité: DINQ/DSIN/INSI/ETSO/PRD
Tel : 03 84 46 92 79 (229279)
+--------------------------- ---Oooo-------------------+
oooO ( )
( ) )/
\( (_)
(_)
"Carter, Coates"
mond.edu> cc : "'abdel.ramli@mpsa.com'"
Envoyé par : Objet : RE: Réf. : RE: Problem with ssl
owner-modssl-users@
modssl.org
24/07/2002 21:47
Veuillez répondre à
modssl-users
Abdel,
What is the error message? You wrote that the error was on line 76 of
mod_ssl.c, but I don't believe you mentioned the error message itself.
I've
just installed mod_ssl on apache on RedHat 7.2, all the same versions as
you. I didn't have any errors or problems. I chose to use the latest
openssl, which added a few more lines of work form me. I've included for
you my notes from my installation. Good luck.
Coates Carter
University of Richmond
#OPENSSL- REMOVE OLD RPM AND INSTALL LATEST TARBALL
rpm -e --repackage --nodeps openssl
cd /usr/local/src
gzip -dc openssl-0.9.6d.tar.gz |tar xvf -
cd /usr/local/src/openssl-0.9.6d
more INSTALL
../config shared
make
make test
make install
mv /usr/lib/libssl.so /usr/lib/libssl.so.old
mv /usr/lib/libcrypto.so /usr/lib/libcrypto.so.old
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 /usr/lib/libssl.so.2
ln -s /usr/local/ssl/lib/libssl.so.0.9.6 libssl.so.0.9.6
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 /usr/lib/libcrypto.so.2
ln -s /usr/local/ssl/lib/libcrypto.so.0.9.6 libcrypto.so.0.9.6
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
#MM- BUILD THE SOURCE (www.engelschall.com/sw/mm)
cd /usr/local/src
gzip -dc mm-1.1.3.tar.gz|tar xvf -
cd /mm-1.1.3
../configure
make
#MOD_SSL- INSTALL NEW PATCH TO APACHE SOURCE
cd /usr/local/src
gzip -dc apache_1.3.26.tar.gz|tar xvf -
gzip -dc mod_ssl-2.8.10-1.3.26.tar.gz |tar xvf -
cd mod_ssl-2.8.10-1.3.26
../configure --with-apache=/usr/local/src/apache_1.3.26
#APACHE- INSTALL NEW TARBALL
cd /usr/local/src/apache_1.3.26
SSL_BASE=SYSTEM; EAPI_MM=../mm-1.1.3
../configure --prefix=/usr/local/apache --enable-module=ssl
--enable-shared=ssl
make
tar cvf /usr/local/apache.020724.tar /usr/local/apache
/usr/local/apache/bin/apachectl stop
#NOTE: INSTALL SSL CERTIFICATE AND KEY NOW, IF NOT ALREADY THERE
make install
/usr/local/apache/bin/apachectl startssl
#......THAT'S ALL IT TAKES......
-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Wednesday, July 24, 2002 3:17 AM
To: Frederic DONNAT
Subject: Réf. : RE: Problem with ssl
Hi Fred,
That's exactly what I meant by patched (as we may consider that mod_ssl is
not more than a patch applied to Apache source to modify it.
I just keep getting that error.
Please, help if you can.
Thanx
"Frederic DONNAT"
encod.com> cc :
Objet : RE: Problem with ssl
23/07/2002 18:45
Hi Abdel
What do you mean by "patched"?
The classic way is :
[root]# cd mod_ssl-2.8.10-1.3.26
[root]# ./configure --prefix=/path_where_to_install_apache \
--with-apache=/path_to_apache_src --with-ssl=/path_to_openssl_src
[root]# cd /path_to_apache_src
[root]# make
[root]# make install
That's for a dynamic build.
Type the following command line before for a static one:
export LDFLAGS="-ldl"
Be sure to have the rigth openssl installed.
Hope it will help
Fred
-----Original Message-----
From: abdel.ramli@mpsa.com [mailto:abdel.ramli@mpsa.com]
Sent: Tue 07/23/2002 5:06 PM
To: modssl-users@modssl.org
Cc: owner-modssl-users@modssl.org
Subject: Problem with ssl
*Hi all
I'm trying to get mod_ssl work with Apache on RedHat 7.2, with Apache
1.3.26 & mod_ssl-2.8.10-1.3.26
I just keep getting an error on line 76 of the mod_ssl.c while compiling
apache (patched with mod_ssl)
which is :
------------------------------------------------------------ ----------------
----------------------
* identify the module to SCCS `what' and RCS `ident' commands
*/
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[] = "$Id: mod_ssl/" MOD_SSL_VERSION " $";
------------------------------------------------------------ ----------------
----------------------
Just followed many procedures and the error remain the same.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
RE : Réf. : RE: Réf. : RE: Problem with
am 25.07.2002 09:31:27 von Frederic DONNAT
Hi,
> So I added a --prefix option to it, and this was sufficient to make my
> Apache installation crash.
> For Apache it is OK but it looks like it doesn't support openssl to be
> elsewhere than in its default directory.
Wrong Abdel ! ;-)
By default OpenSSl directory is /usr/local
On Mdk you can change this to /usr and install apache with mod-ssl wit-h openssl without problem !
I think that depends on your LD_LIBRARY_PATH !
Fred
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org