[users@httpd] Re: Apache v2.0.58 binaries for Windows w/SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Doc,

It was my understanding that we have completed the SSL notification process
(and we had) - but shortly after shipping 2.0.58 and preparing for 2.2.2
(which needed a revised notification for the 'richer' ECC cryptography
in OpenSSL 0.9.8) some potential gaps in the process were discovered.  This
led to a very long email thread on dev@httpd (public) which may be close to
being resolved after a productive discussion yesterday (and a BoF meeting
this evening in Dublin, so hopefully other dev@s are now in-the-know).

So the binaries are gone until a few corporate officers agree that on one
straightforward method to handle the export requirements, and I exited stage
left while they come to their consensus.  But your question below is a very
universal one that applies to any 'extra -D config sections' so read on...


Savage, Robert CTR USTRANSCOM J6 wrote:
When Apache v2.0.58 was released in early May, both ssl and no_ssl Windows binaries were posted to http://apache.edgescape.com/httpd/binaries/win32/.
I encountered immediate SSL problems. All attempts to connect via HTTPS failed. After three weeks of pulling my hair out, a friend told me to check the Windows registry. Voila! There the command line string that invokes Apache2 as a service was missing a required “‑DSSL” parameter. When I added that back in, v2.0.58 w/ssl runs perfectly. 

Yes, there is a very nice feature that's not well documented.  If your
server is in the usual location, and you wanted to toggle -DSSL, you can
either invoke bin\apache.exe -k start -DSSL, you can bring up the service
property page and put -DSSL in the run options box before clicking 'start',
or you can type the command

  bin\apache.exe -k config -n Apache2 -DSSL

along with other options.  -n defaults to Apache2.2 of course.

It also makes equal sense to simply remove the <IfDefine SSL> start
and </IfDefine> end block-tags, and just leave the ssl config always-included.
That is, once ssl is correctly configured.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux