From owner-freebsd-stable Wed Aug 16 20:59:34 2000
Message-ID: <251BF6012D6B4A49A4109B1C3289A7B5BB59@purgatory.jumpweb.com>
From: "Gooderum, Mark"
To: "'Nader Turki'", freebsd-stable@FreeBSD.ORG
Subject: apache13-modssl II
Date: Wed, 16 Aug 2000 22:58:33 -0500

As long as we're on the topic. 

I was getting these errors with the apache13-modssl port with both Netscape 4.73 and IE 5.01SP1 (on Win2k SP1):

[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Handshake: start
[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Loop: before/accept initialization
[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Loop: SSLv3 read client hello A
[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Loop: SSLv3 write server hello A
[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Loop: SSLv3 write certificate A
[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Loop: SSLv3 write server done A
[16/Aug/2000 00:09:25 09537] [trace] OpenSSL: Loop: SSLv3 flush data
[16/Aug/2000 00:09:26 09537] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
[16/Aug/2000 00:09:26 09537] [trace] OpenSSL: Write: SSLv3 read certificate verify A
[16/Aug/2000 00:09:26 09537] [trace] OpenSSL: Exit: error in SSLv3 read certificate verify A
[16/Aug/2000 00:09:26 09537] [trace] OpenSSL: Exit: error in SSLv3 read certificate verify A
[16/Aug/2000 00:09:26 09537] [error] SSL handshake failed (server appserver.jumpweb.com:443, client 63.89.161.43) (OpenSSL library error follows)
[16/Aug/2000 00:09:26 09537] [error] OpenSSL: error:1408F071::lib(20) :SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered details of a re-created server certificate?]

If I forced things to SSLv2 I still got errors:

[16/Aug/2000 00:16:19 09629] [info]  Seeding PRNG with 512 bytes of entropy
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Handshake: start
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Loop: before/accept initialization
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Loop: SSLv2 read client hello A
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Loop: SSLv2 write server hello A
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Loop: SSLv2 read client master key A
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Loop: SSLv2 server start encryption
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Loop: SSLv2 write server verify A
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Exit: failed in SSLv2 read client finished A
[16/Aug/2000 00:16:19 09629] [error] SSL handshake failed (server appserver.jumpweb.com:443, client 63.89.161.43) (OpenSSL library error follows)
[16/Aug/2000 00:16:19 09629] [error] OpenSSL: error:140BB004::lib(20) :SSL_RSA_PRIVATE_DECRYPT:reason(4)

So I fudged the environment variables and built openssl-0.9.5a from /usr/ports and plugged libcrypto.* and libssl.* with the 0.9.5a versions and everything started working.  Is there any technical reason that the 4.x baseline is still 0.9.4?  There seem to be known interaction bugs with 0.9.4 and the newer browsers having to do with framing expectations not being met that are fixed in 0.9.5a.

--

Mark


 

 


> -----Original Message-----
> From: Nader Turki [mailto:nader@venix.net]
> Sent: Wednesday, August 16, 2000 8:01 PM
> To: freebsd-stable@FreeBSD.ORG
> Subject: Re: apache13-modssl
>
>
> thanks guys i fixed it, i guess all i had to do was
> apachectl stop
> then
> apachectl startssl
>
> later,
>
>       --nader
>
> ----------------------------------------------
> Nader Turki
> System Administrator
> Venix Internet Services - http://www.venix.net
> E-mail: nader@venix.net
>
> On Wed, 16 Aug 2000, Nader Turki wrote:
>
> > hi there,
> > i installed fresh FreeBSD 4.1-RELEASE and upgraded to FreeBSD 4.1-STABLE
> > and upgraded the ports too.
> > i installed apache13-modssl from the ports. http is working fine but https
> > is not working i get the following message on logs:
> >
> > [16/Aug/2000 14:49:57 01027] [info]  Server: Apache/1.3.12, Interface: mod_ssl/2.6.6, Library: OpenSSL/0.9.4
> > [16/Aug/2000 14:49:57 01027] [info]  Init: 1st startup round (still not detached)
> > [16/Aug/2000 14:49:57 01027] [info]  Init: Initializing OpenSSL library
> > [16/Aug/2000 14:49:57 01027] [info]  Init: Loading certificate & private key of SSL-aware server www.ensonic.net:443
> > [16/Aug/2000 14:49:57 01027] [info]  Init: Requesting pass phrase via builtin terminal dialog
> > [16/Aug/2000 14:50:04 01027] [error] Init: Private key not found (OpenSSL library error follows)
> > [16/Aug/2000 14:50:04 01027] [error] OpenSSL: error:0D06B078:asn1 encoding routines:ASN1_get_object:header too long
> >
> > was hoping maybe someone could help me.
> >
> > thanks,
> >
> >     --nader
> >
> > ----------------------------------------------
> > Nader Turki
> > System Administrator
> > Venix Internet Services - http://www.venix.net
> > E-mail: nader@venix.net
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
> >

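A triage helper for mod_ssl trace logs like the ones quoted in this thread, added here as an example (it is not part of the original mail, nor mod_ssl or OpenSSL code). It rejoins backslash-wrapped records, keeps the last handshake state seen per server PID, and splits each packed error code into library, function and reason using the pre-3.0 OpenSSL layout (8/12/12 bits), which is how 1408F071 yields the lib(20) shown in the log. The function names and the sample string are constructed for illustration.

```python
import re

# Constructed sample: four records copied from the logs quoted in this thread,
# keeping the trailing-backslash line wrap they were pasted with.
SAMPLE = """\
[16/Aug/2000 00:09:26 09537] [trace] OpenSSL: Exit: error in SSLv3 read certifi\\
cate verify A
[16/Aug/2000 00:09:26 09537] [error] OpenSSL: error:1408F071::lib(20) :SSL3_GET\\
_RECORD:bad mac decode
[16/Aug/2000 00:16:19 09629] [trace] OpenSSL: Exit: failed in SSLv2 read client\\
 finished A
[16/Aug/2000 00:16:19 09629] [error] OpenSSL: error:140BB004::lib(20) :SSL_RSA_\\
PRIVATE_DECRYPT:reason(4)
"""

LINE = re.compile(r"^\[(?P<ts>.+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
STATE = re.compile(r"OpenSSL: (?:Loop|Write|Exit): (?:(?:error|failed) in )?(SSLv\d) (.+)")
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):")

def unwrap(text):
    """Rejoin records that were wrapped with a trailing backslash."""
    return text.replace("\\\n", "")

def decode_err(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def triage(text):
    """Per server PID: protocol, last handshake state seen, decoded errors."""
    out = {}
    for line in unwrap(text).splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a mod_ssl log record
        rec = out.setdefault(m["pid"], {"protocol": None, "last_state": None, "errors": []})
        s = STATE.search(m["msg"])
        if s:
            rec["protocol"], rec["last_state"] = s.group(1), s.group(2)
        e = ERR.search(m["msg"])
        if e:
            rec["errors"].append(decode_err(e.group(1)))
    return out

if __name__ == "__main__":
    for pid, rec in triage(SAMPLE).items():
        print(pid, rec)
```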