problem with ssl

am 23.07.2002 15:44:44 von Ernest

This is a multi-part message in MIME format.

------=_NextPart_000_0044_01C2325F.DE2CB8F0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0045_01C2325F.DE2E3F90"

------=_NextPart_001_0045_01C2325F.DE2E3F90
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Excause me if i wrote to wrong mailing group, but i have a problem with =
logging to documents on server usin ssl.

I have a test server with apache_1.3.19 instaled from rpm under RH7.0
and the secon apache_1.3.26.tar.gz with mod_ssl-2.8.9, =
openssl-0.9.7-beta2, php-4.2.1, mod_perl-1.27 i have installed few weeks =
ago
listening on port 443 only, I changed path in httpd.conf. I send a =
config fila from 1.3.26
My problem is i cant log in using ssl, somethings wrong with =
authentication.

Very thanks for help or tip.

ernest matolicz

------=_NextPart_001_0045_01C2325F.DE2E3F90
Content-Type: text/html;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

charset=3Diso-8859-2">

Excause me if i wrote to wrong =
mailing group,=20
but i have a problem with logging to documents on server usin =
ssl.

I have a test server with =
apache_1.3.19=20
instaled from rpm under RH7.0

and the secon apache_1.3.26.tar.gz =
with=20
mod_ssl-2.8.9, openssl-0.9.7-beta2, php-4.2.1, mod_perl-1.27 i have =
installed=20
few weeks ago

listening on port 443 only, =
I changed=20
path in httpd.conf. I send a config fila from =
1.3.26

My problem is i cant log in using =
ssl,=20
somethings wrong with authentication.

Very thanks for help or =
tip.

ernest =
matolicz

------------------------------------------------------------ ----------

Zanim zaczniesz swoj dzien... >>>

------=_NextPart_001_0045_01C2325F.DE2E3F90--
------=_NextPart_000_0044_01C2325F.DE2CB8F0
Content-Type: application/octet-stream;
name="httpd.conf"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="httpd.conf"

ServerType standalone
ServerRoot "/usr/src/apache"
#LockFile /usr/src/apache/logs/httpd.lock
PidFile /usr/src/apache/logs/httpd.pid
ScoreBoardFile /usr/src/apache/logs/httpd.scoreboard
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
#Listen 3000
#Listen 12.34.56.78:80
#BindAddress *

# Example:
# LoadModule foo_module libexec/mod_foo.so
LoadModule vhost_alias_module libexec/mod_vhost_alias.so
LoadModule env_module libexec/mod_env.so
LoadModule define_module libexec/mod_define.so
LoadModule config_log_module libexec/mod_log_config.so
LoadModule mime_magic_module libexec/mod_mime_magic.so
LoadModule mime_module libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
LoadModule status_module libexec/mod_status.so
LoadModule info_module libexec/mod_info.so
LoadModule includes_module libexec/mod_include.so
LoadModule autoindex_module libexec/mod_autoindex.so
LoadModule dir_module libexec/mod_dir.so
LoadModule cgi_module libexec/mod_cgi.so
LoadModule asis_module libexec/mod_asis.so
LoadModule imap_module libexec/mod_imap.so
LoadModule action_module libexec/mod_actions.so
LoadModule speling_module libexec/mod_speling.so
LoadModule userdir_module libexec/mod_userdir.so
LoadModule alias_module libexec/mod_alias.so
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule access_module libexec/mod_access.so
LoadModule auth_module libexec/mod_auth.so
LoadModule anon_auth_module libexec/mod_auth_anon.so
LoadModule dbm_auth_module libexec/mod_auth_dbm.so
LoadModule digest_module libexec/mod_digest.so
LoadModule proxy_module libexec/libproxy.so
LoadModule cern_meta_module libexec/mod_cern_meta.so
LoadModule expires_module libexec/mod_expires.so
LoadModule headers_module libexec/mod_headers.so
LoadModule usertrack_module libexec/mod_usertrack.so
LoadModule unique_id_module libexec/mod_unique_id.so
LoadModule setenvif_module libexec/mod_setenvif.so

LoadModule ssl_module libexec/libssl.so

LoadModule php4_module libexec/libphp4.so

ClearModuleList
AddModule mod_vhost_alias.c
AddModule mod_env.c
AddModule mod_define.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
AddModule mod_digest.c
AddModule mod_proxy.c
AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c

AddModule mod_ssl.c

AddModule mod_php4.c

#ExtendedStatus On

#Port 80

#Listen 80
Listen 443

User nobody
Group nobody

ServerAdmin root@maniac
ServerName xxx.xxx.xxx.xxx

DocumentRoot "/home/httpd/html"

Options FollowSymLinks
AllowOverride None

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all

UserDir public_html

#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow,deny
# Allow from all
#
#
# Order deny,allow
# Deny from all
#
#

DirectoryIndex index.html index.htm index.php index.cgi

AccessFileName .htaccess

Order allow,deny
Deny from all
# Satisfy All

#CacheNegotiatedDocs
UseCanonicalName On

TypesConfig /usr/src/apache/conf/mime.types

DefaultType text/plain

MIMEMagicFile /usr/src/apache/conf/magic

HostnameLookups Off

ErrorLog /usr/src/apache/logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" =
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /usr/src/apache/logs/access_log common

#CustomLog /usr/src/apache/logs/referer_log referer
#CustomLog /usr/src/apache/logs/agent_log agent

#CustomLog /usr/src/apache/logs/access_log combined

ServerSignature On
# > AddType text/html .ahtml
# > EBCDICConvert Off=3DInOut .ahtml
#
# EBCDICConvertByType On=3DInOut text/* message/* multipart/*
# EBCDICConvertByType On=3DIn application/x-www-form-urlencoded
# EBCDICConvertByType On=3DInOut application/postscript model/vrml
# EBCDICConvertByType Off=3DInOut */*

Alias /icons/ "/home/httpd/icons/"

IdentityCheck on
AuthType basic
AuthUserFile /home/httpd/cgi-bin/.htpasswd
AuthName home
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all

Alias /manual/ "/usr/src/apache/htdocs/manual/"

Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all

=20
ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"

IdentityCheck on
AuthType basic
AuthUserFile /home/httpd/cgi-bin/.htpasswd
AuthName home
AllowOverride None
Options None
Order allow,deny
Allow from all

# End of aliases.

IndexOptions FancyIndexing

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

=20
DefaultIcon /icons/unknown.gif

AddDescription "GZIP compressed document" .gz
AddDescription "tar archive" .tar
AddDescription "GZIP compressed tar archive" .tgz

ReadmeName README
HeaderName HEADER

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

=20
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage he .he
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .sv
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage zh-tw .tw
AddLanguage tw .tw
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8

=20

LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru =
ltz ca es sv tw

=20
AddType application/x-tar .tgz
AddType application/x-httpd-php .php
=20
AddHandler cgi-script .cgi

AddType text/html .shtml
AddHandler server-parsed .shtml

AddHandler send-as-is asis

AddHandler imap-file map

AddHandler type-map var

#MetaDir .web

#MetaSuffix .meta

=20
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 =
force-response-1.0

=20
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#

#
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#

#
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#

#
# ProxyRequests On

#
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#

=20
# ProxyVia On

# CacheRoot "/usr/src/apache/proxy"
# CacheSize 5
# CacheGcInterval 4
# CacheMaxExpire 24
# CacheLastModifiedFactor 0.1
# CacheDefaultExpire 1
# NoCache a-domain.com another-domain.edu joes.garage-sale.com

#

#NameVirtualHost *

#
# ServerAdmin webmaster@dummy-host.example.com
# DocumentRoot /www/docs/dummy-host.example.com
# ServerName dummy-host.example.com
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#

#
#

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

#SSLSessionCache none
#SSLSessionCache shmht:/usr/src/apache/logs/ssl_scache(512000)
#SSLSessionCache shmcb:/usr/src/apache/logs/ssl_scache(512000)
SSLSessionCache dbm:/usr/src/apache/logs/ssl_scache
SSLSessionCacheTimeout 300

SSLMutex file:/usr/src/apache/logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

SSLLog /usr/src/apache/logs/ssl_engine_log
SSLLogLevel info

##
## SSL Virtual Host Context
##

DocumentRoot "/home/httpd/html"
ServerName xxx.xxx.xxx.xxx
ServerAdmin root@maniac
ErrorLog /usr/src/apache/logs/error_log
TransferLog /usr/src/apache/logs/access_log

SSLEngine on

SSLCipherSuite =
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL

SSLCertificateFile /usr/src/apache/conf/ssl.crt/server.crt
#SSLCertificateFile /usr/src/apache/conf/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /usr/src/apache/conf/ssl.key/server.key
#SSLCertificateKeyFile /usr/src/apache/conf/ssl.key/server-dsa.key

#SSLCertificateChainFile /usr/src/apache/conf/ssl.crt/ca.crt

#SSLCACertificatePath /usr/src/apache/conf/ssl.crt
#SSLCACertificateFile /usr/src/apache/conf/ssl.crt/ca-bundle.crt

#SSLCARevocationPath /usr/src/apache/conf/ssl.crl
#SSLCARevocationFile /usr/src/apache/conf/ssl.crl/ca-bundle.crl

#SSLVerifyClient require
#SSLVerifyDepth 10

#
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >=3D 1 and %{TIME_WDAY} <=3D 5 \
# and %{TIME_HOUR} >=3D 8 and %{TIME_HOUR} <=3D 20 ) \
# or %{REMOTE_ADDR} =3D~ m/^192\.76\.162\.[0-9]+$/
#

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means =
that
# the standard Auth/DBMAuth methods can be used for access control. =
The
# user name is the `one line' version of the client's X.509 =
certificate.
# Note that no password is obtained from the user. Every entry in =
the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT =
and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the =
certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment =
variables.
# Per default this exportation is switched off for performance =
reasons,
# because the extraction step is an expensive operation and is =
usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o CompatEnvVars:
# This exports obsolete environment variables for backward =
compatibility
# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. =
Use this
# to provide compatibility to existing CGI scripts.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied =
even
# under a "Satisfy any" situation, i.e. when it applies access is =
denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when =
SSL
# directives are used in per-directory context.=20
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire

SSLOptions +StdEnvVars

SSLOptions +StdEnvVars

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't =
wait for
# the close notify alert from client. When you need a different =
shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, =
i.e. no
# SSL close notify alert is send or allowed to received. This =
violates
# the SSL/TLS standard but is needed for some brain-dead browsers. =
Use
# this when you receive I/O errors because of the standard approach =
where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, =
i.e. a
# SSL close notify alert is send and mod_ssl waits for the close =
notify
# alert of the client. This is 100% SSL/TLS standard compliant, but =
in
# practice often causes hanging connections with brain-dead =
browsers. Use
# this only for browsers where you know that their SSL =
implementation
# works correctly.=20
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for =
this.
# Similarly, one has to force some clients to use HTTP/1.0 to =
workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" =
and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog /usr/src/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

=20

------=_NextPart_000_0044_01C2325F.DE2CB8F0--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org