Error message help

Hi all, I'm new to the list and to mod_ssl, and well ssl in general, so I
hope you'll forgive what may be dumb questions.

I've been tasked with setting up a ssl site for a small company that wants
to sell online. I've never done anything other than plain sites before, so
I'm having to learn. I've done what all the docs have told me to, as near
as I can tell, and I've gotten pretty far along. I'm still fuzzy on the
exact syntax of the directives, but I've gotten it nearly working I
think. This is all being done on a stock Caldera 3.11 server box.

Now, the error I'm getting now that I can't seem to find any help on, in
the error_log is:


OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long


I've googled on it, and searched FAQ's, etc, and nothing of help has appeared.


I'd appreciate some help on this, I hate when I can't find help in the
docs, I hate having to bother anyone.


Thanks

--
Matt

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Error message help

>From: Matt Nelson [mailto:matt@nelsonprinting.com]
>
>Now, the error I'm getting now that I can't seem to find any
>help on, in
>the error_log is:
>
>OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long
>

Unusual.. Do you see anything in the browser? Also:

- What versions of apache, mod_ssl, openssl?
- Static or DSO?
- What browser?

Rgds,
owen Boyle
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Error message help

At 03:56 PM 7/31/2002 +0200, you wrote:
> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> >
> >Now, the error I'm getting now that I can't seem to find any
> >help on, in
> >the error_log is:
> >
> >OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header
> too long
> >
>
>Unusual.. Do you see anything in the browser? Also:
>
>- What versions of apache, mod_ssl, openssl?


Apache 1.3.22
OpenSSL 0.9.6
mod_ssl 1.4



>- Static or DSO?


I'll be honest and say I don't quite understand that question. I'm way
more new at this what I wished. I could probably answer that question, if
asked in different terms.

>- What browser?

IE, Mozilla, you name it.

>Rgds,
>owen Boyle
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Error message help

Well I may have figured this out, https is now running, cert was in the
wrong place, but https returns the default web page for the apache
installation, instead of the real site, which does come up with just
http. I think I can figure that out, but if anyone has pointer
thanks, and thanks for suffering my dumb questions.

--
Matt


At 09:36 AM 7/31/2002 -0500, you wrote:
>At 03:56 PM 7/31/2002 +0200, you wrote:
>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
>> >
>> >Now, the error I'm getting now that I can't seem to find any
>> >help on, in
>> >the error_log is:
>> >
>> >OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header
>> too long
>> >
>>
>>Unusual.. Do you see anything in the browser? Also:
>>
>>- What versions of apache, mod_ssl, openssl?
>
>
>Apache 1.3.22
>OpenSSL 0.9.6
>mod_ssl 1.4
>
>
>
>>- Static or DSO?
>
>
>I'll be honest and say I don't quite understand that question. I'm way
>more new at this what I wished. I could probably answer that question, if
>asked in different terms.
>
>>- What browser?
>
>IE, Mozilla, you name it.
>
>>Rgds,
>>owen Boyle
>>__________________________________________________________ ____________
>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>User Support Mailing List modssl-users@modssl.org
>>Automated List Manager majordomo@modssl.org
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Error message help

See comments,

Rgds,

Owen Boyle

>-----Original Message-----
>From: Matt Nelson [mailto:matt@nelsonprinting.com]
>Sent: Mittwoch, 31. Juli 2002 17:01
>To: modssl-users@modssl.org
>Subject: RE: Error message help
>
>
>Well I may have figured this out, https is now running, cert
>was in the wrong place,

...or your SSLCertificateFile directive was pointing to the wrong place :-)

> ...but https returns the default web page for the apache
>installation, instead of the real site, which does come up with just
>http. I think I can figure that out, but if anyone has pointer
>thanks, and thanks for suffering my dumb questions.

Check out your DocumentRoot directive in the SSL virtual host - there should only be one. If there is more than one, apache will use the last one... It is this directive which tells apache where to fetch the content.

>
>--
>Matt
>
>
>At 09:36 AM 7/31/2002 -0500, you wrote:
>>At 03:56 PM 7/31/2002 +0200, you wrote:
>>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
>>> >
>>> >Now, the error I'm getting now that I can't seem to find any
>>> >help on, in
>>> >the error_log is:
>>> >
>>> >OpenSSL: error:0D06B078:asn1 encoding
>routines:ASN1_get_object:header
>>> too long
>>> >
>>>
>>>Unusual.. Do you see anything in the browser? Also:
>>>
>>>- What versions of apache, mod_ssl, openssl?
>>
>>
>>Apache 1.3.22
>>OpenSSL 0.9.6
>>mod_ssl 1.4

Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl 2.8.10. That's teh latest mix, also pay attention to the security advisory that was posted to the list today.

>>
>>>- Static or DSO?

When you compiled apache, did you statically compile in mod_ssl (i.e. --enable-module=ssl) so that the mod_ssl binary gets munged in with the apache binary to produce a big binary *or* did you compile mod_ssl as a shared object which would be loaded dynamically at runtime (DSO = Dynamic Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much difference when they're working, but since yours was not working, I thought I'd ask.

>>
>>
>>I'll be honest and say I don't quite understand that
>question. I'm way
>>more new at this what I wished. I could probably answer that
>question, if
>>asked in different terms.
>>
>>>- What browser?
>>
>>IE, Mozilla, you name it.

Just in case it was a funny browser - SSL is as much to do with the client as it is to do with the server so it is essential to verify any problems with several browsers. But you've already done that.

>>
>>>Rgds,
>>>owen Boyle
>>>_________________________________________________________ ____
>_________
>>>Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>>User Support Mailing List modssl-users@modssl.org
>>Automated List Manager majordomo@modssl.org
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Error message help

At 06:02 PM 7/31/2002 +0200, you wrote:
>See comments,

Ditto,

>Rgds,
>
>Owen Boyle
>
> >-----Original Message-----
> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> >Sent: Mittwoch, 31. Juli 2002 17:01
> >To: modssl-users@modssl.org
> >Subject: RE: Error message help
> >
> >
> >Well I may have figured this out, https is now running, cert
> >was in the wrong place,
>
>..or your SSLCertificateFile directive was pointing to the wrong place :-)

Yup, but dang I was confused on where it went. Everything I've read said
put it somewhere different. Error logs are you friends.


> > ...but https returns the default web page for the apache
> >installation, instead of the real site, which does come up with just
> >http. I think I can figure that out, but if anyone has pointer
> >thanks, and thanks for suffering my dumb questions.
>
>Check out your DocumentRoot directive in the SSL virtual host - there
>should only be one. If there is more than one, apache will use the last
>one... It is this directive which tells apache where to fetch the content.

Yeah I found that right after I wrote that.

> >
> >--
> >Matt
> >
> >
> >At 09:36 AM 7/31/2002 -0500, you wrote:
> >>At 03:56 PM 7/31/2002 +0200, you wrote:
> >>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> >>> >
> >>> >Now, the error I'm getting now that I can't seem to find any
> >>> >help on, in
> >>> >the error_log is:
> >>> >
> >>> >OpenSSL: error:0D06B078:asn1 encoding
> >routines:ASN1_get_object:header
> >>> too long
> >>> >
> >>>
> >>>Unusual.. Do you see anything in the browser? Also:
> >>>
> >>>- What versions of apache, mod_ssl, openssl?
> >>
> >>
> >>Apache 1.3.22
> >>OpenSSL 0.9.6
> >>mod_ssl 1.4
>
>Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl
>2.8.10. That's teh latest mix, also pay attention to the security advisory
>that was posted to the list today.

I'll do that.


> >>
> >>>- Static or DSO?
>
>When you compiled apache, did you statically compile in mod_ssl (i.e.
>--enable-module=ssl) so that the mod_ssl binary gets munged in with the
>apache binary to produce a big binary *or* did you compile mod_ssl as a
>shared object which would be loaded dynamically at runtime (DSO = Dynamic
>Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much
>difference when they're working, but since yours was not working, I
>thought I'd ask.

I didn't compile, I used everything stock from the Caldera 3.11 server
install. A bad idea now I know, if I'd done it on my own or recompiled, I'd
know which it was, among other things.

> >>
> >>
> >>I'll be honest and say I don't quite understand that
> >question. I'm way
> >>more new at this what I wished. I could probably answer that
> >question, if
> >>asked in different terms.
> >>
> >>>- What browser?
> >>
> >>IE, Mozilla, you name it.
>
>Just in case it was a funny browser - SSL is as much to do with the client
>as it is to do with the server so it is essential to verify any problems
>with several browsers. But you've already done that.

Yeah... See I do try, I hate being a clueless newbie, or at least acting
like one. I always try to cover the bases myself, so I don't get RTFM
responses. I'm sure I'll have some other questions, though, and soon.

Thanks much

--
Matt

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

MM doesn"t work now with 0.9.6e

I just installed the newest version of openssl and recompiled mm, mod_ssl,
mod_perl, and apache. Now when I start apache I get an error from my
httpd.conf file about the SSLSessionCache option. The error is:

SSLSessionCache: shared memory cache not useable on this platform

Well, it was with openssl 0.9.6c. I didn't do anything different in my
installation steps which were:

install openssl

configure mm with disable-shared
make

configure mod_ssl --with-apache=../apache_1.3.26

install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)

set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1

configure and install apache:

../configure --enable-module=proxy --enable-module=so
--activate-module=src/modules/perl/libperl.a --enable-module=perl
--enable-rule=SHARED_CORE --enable-module=ssl

make

make certificate

make install



Without the shared option in the config file, apache starts just fine, but
it won't work with:

SSLSessionCache shm:/usr/local/apache/logs/ssl/ssl_scache(512000)

It worked before.

What did I break?


Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

On Wed, 31 Jul 2002, Matt Nelson wrote:

> At 06:02 PM 7/31/2002 +0200, you wrote:
> >See comments,
>
> Ditto,
>
> >Rgds,
> >
> >Owen Boyle
> >
> > >-----Original Message-----
> > >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > >Sent: Mittwoch, 31. Juli 2002 17:01
> > >To: modssl-users@modssl.org
> > >Subject: RE: Error message help
> > >
> > >
> > >Well I may have figured this out, https is now running, cert
> > >was in the wrong place,
> >
> >..or your SSLCertificateFile directive was pointing to the wrong place :-)
>
> Yup, but dang I was confused on where it went. Everything I've read said
> put it somewhere different. Error logs are you friends.
>
>
> > > ...but https returns the default web page for the apache
> > >installation, instead of the real site, which does come up with just
> > >http. I think I can figure that out, but if anyone has pointer
> > >thanks, and thanks for suffering my dumb questions.
> >
> >Check out your DocumentRoot directive in the SSL virtual host - there
> >should only be one. If there is more than one, apache will use the last
> >one... It is this directive which tells apache where to fetch the content.
>
> Yeah I found that right after I wrote that.
>
> > >
> > >--
> > >Matt
> > >
> > >
> > >At 09:36 AM 7/31/2002 -0500, you wrote:
> > >>At 03:56 PM 7/31/2002 +0200, you wrote:
> > >>> >From: Matt Nelson [mailto:matt@nelsonprinting.com]
> > >>> >
> > >>> >Now, the error I'm getting now that I can't seem to find any
> > >>> >help on, in
> > >>> >the error_log is:
> > >>> >
> > >>> >OpenSSL: error:0D06B078:asn1 encoding
> > >routines:ASN1_get_object:header
> > >>> too long
> > >>> >
> > >>>
> > >>>Unusual.. Do you see anything in the browser? Also:
> > >>>
> > >>>- What versions of apache, mod_ssl, openssl?
> > >>
> > >>
> > >>Apache 1.3.22
> > >>OpenSSL 0.9.6
> > >>mod_ssl 1.4
> >
> >Um... If I were you, I'd get apache 1.3.26, OpenSSL 0.9.6e and mod_ssl
> >2.8.10. That's teh latest mix, also pay attention to the security advisory
> >that was posted to the list today.
>
> I'll do that.
>
>
> > >>
> > >>>- Static or DSO?
> >
> >When you compiled apache, did you statically compile in mod_ssl (i.e.
> >--enable-module=ssl) so that the mod_ssl binary gets munged in with the
> >apache binary to produce a big binary *or* did you compile mod_ssl as a
> >shared object which would be loaded dynamically at runtime (DSO = Dynamic
> >Shared Object), i.e. --enable-shared=ssl? Usually, it doesn't make much
> >difference when they're working, but since yours was not working, I
> >thought I'd ask.
>
> I didn't compile, I used everything stock from the Caldera 3.11 server
> install. A bad idea now I know, if I'd done it on my own or recompiled, I'd
> know which it was, among other things.
>
> > >>
> > >>
> > >>I'll be honest and say I don't quite understand that
> > >question. I'm way
> > >>more new at this what I wished. I could probably answer that
> > >question, if
> > >>asked in different terms.
> > >>
> > >>>- What browser?
> > >>
> > >>IE, Mozilla, you name it.
> >
> >Just in case it was a funny browser - SSL is as much to do with the client
> >as it is to do with the server so it is essential to verify any problems
> >with several browsers. But you've already done that.
>
> Yeah... See I do try, I hate being a clueless newbie, or at least acting
> like one. I always try to cover the bases myself, so I don't get RTFM
> responses. I'm sure I'll have some other questions, though, and soon.
>
> Thanks much
>
> --
> Matt
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MM doesn"t work now with 0.9.6e

> configure mod_ssl --with-apache=../apache_1.3.26

Seems like you need to supply mod_ssl with all of the configure directives
you show below for apache, and then when it comes time to compile apache,
you just run the auto-generated config.status script. At least that worked
for me using the same versions you are using (under Red Hat Linux). Of
course, I don't have mod_perl, so that may make a difference...

>
> install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
> DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)
>
> set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1
>
> configure and install apache:
>
> ./configure --enable-module=proxy --enable-module=so
> --activate-module=src/modules/perl/libperl.a --enable-module=perl
> --enable-rule=SHARED_CORE --enable-module=ssl
>
> make
>
> make certificate
>
> make install


David

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MM doesn"t work now with 0.9.6e

I'm an idiot. I set the EAPI_MM variable as MM_EAPI. Dyslexia gets you
every time.

Thanks

Dave

Dave Lowenstein
Programmer/Analyst
Instructional Technology Services
San Diego State University
(619)594-0270
http://www-rohan.sdsu.edu/dept/its

On Wed, 31 Jul 2002, David Wall wrote:

> > configure mod_ssl --with-apache=../apache_1.3.26
>
> Seems like you need to supply mod_ssl with all of the configure directives
> you show below for apache, and then when it comes time to compile apache,
> you just run the auto-generated config.status script. At least that worked
> for me using the same versions you are using (under Red Hat Linux). Of
> course, I don't have mod_perl, so that may make a difference...
>
> >
> > install mod_perl (perl Makefile.PL APACHE_SRC=../apache_1.3.26/src
> > DO_HTTPD=0 USE_APACI=1 PREP_HTTPD=1 EVERYTHING=1)
> >
> > set SSL_BASE and EAPI_MM variables to ../openssl0.9.6e and ../mm-1.2.1
> >
> > configure and install apache:
> >
> > ./configure --enable-module=proxy --enable-module=so
> > --activate-module=src/modules/perl/libperl.a --enable-module=perl
> > --enable-rule=SHARED_CORE --enable-module=ssl
> >
> > make
> >
> > make certificate
> >
> > make install
>
>
> David
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org