SSLCryptoDevice Directive

I am attempting to get a CryptoSwift PCI harware accelerator engine
working with:

OpenSSL 0.9.7a
modssl 2.8.12
apache 1.3.27

When adding the 'SSLCryptoDevice cswift' line to my httpd.conf I receive
the following:

Starting httpd: /opt/apache/bin/httpd -DPHP4 -DSSL Syntax error on
line 1024 of /opt/apache/conf/httpd.conf:

Invalid command 'SSLCryptoDevice', perhaps mis-spelled or defined by a
module not included in the server configuration. I have tried placing
the directive in the global ssl options and in the
and get the same error.

I assume that possibly apache is still using an older verison of mod_ssl
somehow. I know since openssl 0.9.7 the engine code is built in so you
don't need the --enable-rule=SSL_EXPERIMENTAL anymore or is that
incorrect?

Is there an easy way to determine what version of mod_ssl Apache is
actually loading?

Any help would be great! Thanx!

--
Tyler Walden
SwiftView, Inc.
Network Administrator
tyler@swiftview.com
(503)885-9392[126] voice
(503)885-9352 fax
http://www.swiftview.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLCryptoDevice Directive

Hi,

To know the version of mod_ssl running, you can read the logs at the
apache startup, or do a connection with nc or telnet on your webserver
and do a HEAD request. The server will answer sending the Server header
with the server version.

You need the --enable-rule=SSL_EXPERIMENTAL The directive
SSLCryptoDevice is provided by mod_ssl. without the SSL_EXPERIMENTAL
rule, it doesn't provide the directive.
So you have to recompile mod_ssl with it.

regards,

Matthieu Estrade

Tyler Walden wrote:

>I am attempting to get a CryptoSwift PCI harware accelerator engine
>working with:
>
>OpenSSL 0.9.7a
>modssl 2.8.12
>apache 1.3.27
>
>When adding the 'SSLCryptoDevice cswift' line to my httpd.conf I receive
>the following:
>
>Starting httpd: /opt/apache/bin/httpd -DPHP4 -DSSL Syntax error on
>line 1024 of /opt/apache/conf/httpd.conf:
>
>Invalid command 'SSLCryptoDevice', perhaps mis-spelled or defined by a
>module not included in the server configuration. I have tried placing
>the directive in the global ssl options and in the
>and get the same error.
>
>I assume that possibly apache is still using an older verison of mod_ssl
>somehow. I know since openssl 0.9.7 the engine code is built in so you
>don't need the --enable-rule=SSL_EXPERIMENTAL anymore or is that
>incorrect?
>
>Is there an easy way to determine what version of mod_ssl Apache is
>actually loading?
>
>Any help would be great! Thanx!
>
>
>


____________________________________________________________ _________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLCryptoDevice Directive

Hi,

On Wed, 4 Mar 2003, Tyler Walden wrote:

> I assume that possibly apache is still using an older verison of mod_ssl
> somehow. I know since openssl 0.9.7 the engine code is built in so you
> don't need the --enable-rule=SSL_EXPERIMENTAL anymore or is that
> incorrect?

The SSL_EXPERIMENTAL rule is an option to modSSL, not OpenSSL. You need to
enable it to use hardware crypto in modSSL. I built modSSL with this rule
enabled and my Ncipher Crypto module works fine. Your apache directive is
correct.

>
> Is there an easy way to determine what version of mod_ssl Apache is
> actually loading?

try "strings httpd | grep 'mod_ssl/'"

>
> Any help would be great! Thanx!

Cheers
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org