modssl with a shared ssl lib base

modssl with a shared ssl lib base

am 17.07.2002 18:53:21 von dufresne

Since apache 2.0.X will not function with older kernels, we have been
trying to upgrade to apache_1.3.26 and wheen out of reliance for present
upon the mod_blowchunks.so thing we have implimented till time permitted.
But, we had decided to build ssl-engine with shared capability, so as to
not have to jump through hoops if matters with apache 2.0.X changed and
such. But, we are failing to get a working httpd when going this route.
I'm wondering if the older apache fails, at least on older kernels, when
ssl has been compiled as an so?

Thanks,


Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: modssl with a shared ssl lib base

am 17.07.2002 18:55:56 von David Loesche

What is the environment you are working on (OS, Compiler, etc)? Also, check
out the documentation located at www.modssl.org (install document). If you
are building on Solaris drop another line and I will forward you some
information (I just spent some time debugging an issue with gcc and Solaris
8).

-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Wednesday, July 17, 2002 9:53 AM
To: modssl-users@modssl.org
Subject: modssl with a shared ssl lib base


Since apache 2.0.X will not function with older kernels, we have been
trying to upgrade to apache_1.3.26 and wheen out of reliance for present
upon the mod_blowchunks.so thing we have implimented till time permitted.
But, we had decided to build ssl-engine with shared capability, so as to
not have to jump through hoops if matters with apache 2.0.X changed and
such. But, we are failing to get a working httpd when going this route.
I'm wondering if the older apache fails, at least on older kernels, when
ssl has been compiled as an so?

Thanks,


Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: modssl with a shared ssl lib base

am 18.07.2002 14:26:33 von dufresne

Howdy David,

This is an oler linux system. I've been reading along with yer trials and
tribulations, I'm not having to do this on a sun system though, my sparc10
here runs openbsd, but the web server is an older slackware 2.0.35/36
system. Everything built fine upto appache 1.3.30 with
openssl-engine-0.9.6b . Thus, my
question about current attepmts, which fail with apache 1.3.26 and
openssl-engine-0.9.6d . What I end up
with is a decent httpd with a truncated libssl.so, like 5 times smaller
then previously, thus, my suspicion that the older apache's <1.3.x> fail
if openssl is compiled shared <.so> rather then non-shared libraries.

I've toyed about with this configureation script:

#!/bin/bash

#configure ssl

cd mod_ssl-2.8.10-1.3.26/
../configure --with-apache=../apache_1.3.26
--with-crt=/usr/local/apache/conf/ssl.crt/server.crt
--with-key=/usr/local/apache/conf/ssl.key/server.key
#./configure --with-apache=../apache_1.3.26
#--with-ssl=../openssl-engine-0.9.6d --with-mm=../mm-1.1.3
#--with-crt=/usr/local/apache/conf/ssl.crt/server.crt
#--with-key=/usr/local/apache/conf/ssl.key/server.key
#--disable-rule=SSL_COMPAT --enable-module=most

# configure apache

cd ../apache_1.3.26/
export SSL_BASE=../openssl-engine-0.9.6d
export EAPI_MM=../mm-1.1.3
# export $SSL_BASE $EAPI_MM
# ./configure --enable-module=ssl --enable-shared=ssl
#--enable-rule=SSL_SDBM --disable-rule=SSL_COMPAT --enable-module=most
# ./configure --enable-module=ssl --enable-shared=ssl
#--disable-rule=SSL_COMPAT --enable-module=most
./configure --enable-module=ssl --enable-shared=ssl
--enable-module=most
# --enable-shared=max
make


# if all goes well, we need to do a make install

echo " "
echo " ...if all goes well, we need to do a make install..."
echo " "


exit 0

Now, I certainly would have loved to move to apache 2.0.current, but, it's
not liking the older linux kernels at all. I messed with the apache
source some, after I think Owen gave me some direction, but, alas, it
does not run a decent full compile and the apache team won't go grab old
kernels and test to try and deal with the issues.

# gcc --version
2.7.2.3

So, I hate having to backup and then restore all the time testing this,
but am about ready to just recompile openssl unshared and redo, I'm
certainly betting it will fix the issues of a truncated libssl.so...

my older working libssl.so look like this:

-rwx------ 1 root root 1080038 Jul 15 13:45
/usr/local/apache/libexec/libssl.so*

New attempts to build with the above script come up with a module like
this that will not load:

# ls -l src/modules/ssl//libssl.so
-rwx------ 1 root root 224759 Jul 17 13:12
src/modules/ssl//libssl.so*


Thanks,

Ron DuFresne

On Wed, 17 Jul 2002, David Loesche wrote:

> What is the environment you are working on (OS, Compiler, etc)? Also, check
> out the documentation located at www.modssl.org (install document). If you
> are building on Solaris drop another line and I will forward you some
> information (I just spent some time debugging an issue with gcc and Solaris
> 8).
>
> -----Original Message-----
> From: R. DuFresne [mailto:dufresne@sysinfo.com]
> Sent: Wednesday, July 17, 2002 9:53 AM
> To: modssl-users@modssl.org
> Subject: modssl with a shared ssl lib base
>
>
> Since apache 2.0.X will not function with older kernels, we have been
> trying to upgrade to apache_1.3.26 and wheen out of reliance for present
> upon the mod_blowchunks.so thing we have implimented till time permitted.
> But, we had decided to build ssl-engine with shared capability, so as to
> not have to jump through hoops if matters with apache 2.0.X changed and
> such. But, we are failing to get a working httpd when going this route.
> I'm wondering if the older apache fails, at least on older kernels, when
> ssl has been compiled as an so?
>
> Thanks,
>
>
> Ron DuFresne
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation."
> -- Johnny Hart
>
> testing, only testing, and damn good at it too!
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org