httpd-users mailing list archives

From geb...@ameritech.net
Subject Re: [users@httpd] FW: Compiling mod_ssl as a DSO
Date Tue, 11 Feb 2003 15:36:00 GMT

There's a security vulnerability with openssl 0.9.6b.  For further 
details on it, search out the "slapper" worm... cert.org should have 
info on it.

ken

Sander Holthaus - Orange XL at 17:54 (UTC+0100) on Mon, 10 Feb 2003 said:

= Sorry, typo in my reply. It should state why not to use OpenSSL 0.9.6b (I
= forgot the version bit)! There is absolutely nothing wrong with OpenSSL,
= just with some old versions.
= 
= Kind Regards,
= Sander Holthaus
= 
= ----- Original Message -----
= From: "Sander Holthaus - Orange XL" <info@orangexl.com>
= To: <users@httpd.apache.org>
= Sent: Monday, February 10, 2003 5:32 PM
= Subject: Re: [users@httpd] FW: Compiling mod_ssl as a DSO
= 
= 
= > The latest version is 0.9.7, but I don't know if it will work with Apache
= > 1.3.12 and your operating system. It should.
= >
= > More info on why not to use OpenSSL can be found at
= > http://www.securiteam.com/unixfocus/5PP0B2A8AA.html and
= > http://httpd.apache.org
= >
= > Kind Regards,
= > Sander Holthaus
= >
= > ----- Original Message -----
= > From: "Simon Donally" <simon.donally@vcontractor.co.za>
= > To: <users@httpd.apache.org>
= > Sent: Monday, February 10, 2003 3:52 PM
= > Subject: RE: [users@httpd] FW: Compiling mod_ssl as a DSO
= >
= >
= > Hi
= >
= > Thanks for the reply, please could you recommend a more appropriate version
= > of OpenSSL to use with Apache 1.3.12?
= >
= > Simon Donally
= >
= >  -----Original Message-----
= > From: Sander Holthaus - Orange XL [mailto:info@orangexl.com]
= > Sent: Monday, February 10, 2003 4:24 PM
= > To: users@httpd.apache.org
= > Subject: Re: [users@httpd] FW: Compiling mod_ssl as a DSO
= >
= > You should not use openssl 0.9.6b.
= >
= > Kind Regards,
= > Sander Holthaus
= >
= > ----- Original Message -----
= > From: "Simon Donally" <simon.donally@vcontractor.co.za>
= > To: <users@httpd.apache.org>
= > Sent: Monday, February 10, 2003 1:11 PM
= > Subject: [users@httpd] FW: Compiling mod_ssl as a DSO
= >
= >
= > Hi List Users
= >
= > I am trying to configure Apache to run with ModSSL as a DSO. I am using
= > relatively old versions of software as this particular version of Apache
= > functions on the system. The software versions are as follows
= >
= > Apache 1.3.12
= > Openssl_0.9.6b
= > Modssl_2.6.6
= >
= > I have read numerous articles both from the list forum and from articles
= > found from internet searches. I have tried many options to configure Apache
= > to run with SSL as a DSO over a period of a week and to date have not been
= > successful.
= >
= > I have listed the errors I obtain and the steps I follow to compile Apache.
= > I would be most grateful for any advice which may lead to the resolution of
= > this problem.
= >
= > 1) Compile OpenSSL 0.9.6b as a shared object as follows
= > a. make clean
= > b. make test
= > c. make build-shared
= >
= > 2) ./configure \
= > --enable-module=so \
= > --with-apache=/home/sxxx/apache_1.3.12 \
= > --with-ssl=/home/simon/Openssl-0.9.6b/openssl-0.9.6b \
= > --prefix=/home/simon/Apache12SO \
= > --enable-module=ssl
= >
= > 3) cd /home/sxxx/apache_1.3.12
= >
= > make
= > make certificate
= > make install
= >
= > 4) The entry in the httpd.conf file is as follows
= > <IfDefine SSL>
= > LoadModule ssl_module   libexec/libssl.so
= > </IfDefine>
= >
= > * This is the first error I obtain
= >
= > hometop1% apachectl startssl
= > Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
= > Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1:
= > /home/simon/Apache12SO/bin/httpd: fatal: libssl.so.0.9.6: open failed: No
= > such file or directory
= > .//apachectl startssl: httpd could not be started
= >
= > This is resolved by setting the LD_LIBRARY_PATH variable to
= > /usr/local/ssl/lib
= > bash-2.02$ export LD_LIBRARY_PATH=/usr/local/ssl/lib:$LD_LIBRARY_PATH
= >
= >
= > * This is the next error I obtain after having set the LD_LIBRARY_PATH
= > variable to
= > bash-2.02$ apachectl startssl
= >
= > Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
= > Cannot load /home/simon/Apache12SO/libexec/libssl.so into server: ld.so.1
= > : /home/simon/Apache12SO/bin/httpd: fatal: relocation error: file
= > /home/simon/Apache12SO/libexec/libssl.so: symbol ap_user_id: referenced
= > symbol not found
= > .//apachectl startssl: httpd could not be started
= >
= >
= > The next step I tried was
= > * To directly copy libssl.so from Openssl to libexec using libssl.so from
= > Openssl
= > * To set the library path to point to /home/simon/Apache12SO/libexec only
= >
= > bash-2.02$ pwd
= > /reserv/home/simon/Apache12SO/libexec
= > bash-2.02$ ls -lisa
= > total 2472
= >     118879    2 drwxr-xr-x   2 simon    htgroup      512 Feb 10 09:03 .
= >     420694    2 drwxrwxr-x  12 simon    htgroup      512 Feb  6 16:43 ..
= >     118881   16 -rw-r--r--   1 simon    htgroup     8153 Feb  7 10:57 httpd.exp
= >     118893    2 lrwxrwxrwx   1 simon    htgroup       11 Feb 10 09:03 libssl.so -> libssl.so.0
= >     118888    2 lrwxrwxrwx   1 simon    htgroup       15 Feb 10 09:03 libssl.so.0 -> libssl.so.0.9.6
= >     118886 1920 -rwxrwxr-x   1 simon    htgroup   970983 Feb  7 12:45 libssl.so.0.9.6
= >     118890  528 -rwxr-xr-x   1 simon    htgroup   256259 Feb  7 10:57 libssl.so.old
= >
= > This didn't work either and generated the following error, I notice that the
= > file libssl.so.old generated when Apache was compiled is considerably
= > smaller than the file libssl.so.0.9.6 copied from OpenSSL
= >
= > Syntax error on line 208 of /home/simon/Apache12SO/conf/httpd.conf:
= > Can't locate API module structure `ssl_module' in file
= > /home/simon/Apache12SO/libexec/libssl.so: ld.so.1:
= > /home/simon/Apache12SO/bin/httpd: fatal: ssl_module: can't find symbol
= > .//apachectl startssl: httpd could not be started
= >
= > regards
= >
= > Simon Donally
= >
= > ---------------------------------------------------------------------
= > The official User-To-User support forum of the Apache HTTP Server Project.
= > See <URL:http://httpd.apache.org/userslist.html> for more info.
= > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
= >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
= > For additional commands, e-mail: users-help@httpd.apache.org

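The three startup failures quoted in this thread each come from a different stage of loading the DSO. As an added example (not part of the original messages and not Apache or mod_ssl code), the shell function below classifies such `ld.so.1` error text; the class names `missing-library`, `unresolved-symbol` and `not-a-module` are labels chosen for this example.

```sh
#!/bin/sh
# Added example, not from the thread: classify Apache 1.3 DSO load failures
# by the runtime-linker text. Class names are labels chosen for this example.

# Reads an error message on stdin, prints "<class> <name>".
triage_dso_error() {
    # Mail wrapping splits the messages; join lines before matching.
    msg=$(tr '\n' ' ' | tr -s ' ')
    case $msg in
    *"open failed: No such file or directory"*)
        # A library the module depends on is not on the linker search path
        # (the thread worked around this with LD_LIBRARY_PATH).
        name=$(printf '%s\n' "$msg" |
            sed -n 's/.*fatal: \([^ :]*\): open failed.*/\1/p')
        echo "missing-library $name" ;;
    *"relocation error"*"referenced symbol not found"*)
        # The module loaded, but a symbol it references is exported by
        # nothing in the process.
        name=$(printf '%s\n' "$msg" |
            sed -n 's/.*symbol \([^ :]*\): referenced symbol not found.*/\1/p')
        echo "unresolved-symbol $name" ;;
    *"Can't locate API module structure"*)
        # The file named in LoadModule does not export the module structure,
        # as when OpenSSL's libssl.so replaces mod_ssl's file of the same name.
        name=$(printf '%s\n' "$msg" |
            sed -n "s/.*module structure \`\([^']*\)'.*/\1/p")
        echo "not-a-module $name" ;;
    *)
        echo "unknown -" ;;
    esac
}

# Third error from the thread, with its original line wrapping.
triage_dso_error <<'EOF'
Can't locate API module structure `ssl_module' in file
/home/simon/Apache12SO/libexec/libssl.so: ld.so.1:
/home/simon/Apache12SO/bin/httpd: fatal: ssl_module: can't find symbol
EOF
```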
