Subject: Re: strange apache & SSL problem
To: Patrick Mackey <netbsd@deniedaccess.org>
From: None <carnivorous@gmail.com>
List: netbsd-users
Date: 01/12/2005 18:40:32
Some interesting things I forgot to mention.

Earlier when I said openssl s_client -connect www.myserver.com:443 was
working...  Well, that wasn't entirely true.  I just noticed that it
works for openssl s_client -connect localhost:443, but when I put the
external server address instead of localhost, it just hangs.

Also, doing a completely fresh install & creating certificates, I
noticed that even when ssl.conf under /usr/local/etc/httpd is NOT
configured with the right values (i.e. it still has the
server.example.com example in it), I see the same weird characters in
my access_log.  So this means that it's not a configuration problem.

I've tried 

Listen 1.2.3.4:443

where 1.2.3.4 is my real IP address, in hopes that it would only bind
to the external address, but that didn't work.  This time 'openssl
s_client -connect localhost:443' just gave me a connection refused.

I've also scp'ed the httpd binary from an almost identical box that
has apache+SSL working fine.  Same results.  I've deinstalled, and
installed both apache and openssl... I've run out of things to try,
sadly.



On Wed, 12 Jan 2005 16:22:10 -0800, carnivorous@gmail.com
<carnivorous@gmail.com> wrote:
> After pkg_delete'ing anything that has to do with apache or openssl,
> doing make clean and recompiling it all (first recompiling openssl
> then apache), the
> 
> openssl s_client -connect www.myserver.com:443
> 
> doesn't seem to work anymore.  Now I don't get anything back.  I did
> start apache with 'startssl' and the certificates are in place and
> stuff.  I still get the weird characters in access_log and the error
> message that firefox gives me.  Any ideas?
> 
> On Thu, 13 Jan 2005 12:05:48 +1300 (NZDT), Patrick Mackey
> <netbsd@deniedaccess.org> wrote:
> > > However, when I type something, and it spits out the Apache version
> > > stuff, I see this at the bottom:
> >
> > Yeah, openssl opens an ssl connection to the server. You should be able to
> > then request a webpage by something like:
> >
> > GET / HTTP/1.1
> > Host: www.myserver.com
> >
> > Then hit 'enter' twice.
> >
> >
> > > Could it be that apache is using an older openssl module for some
> > > reason?  Maybe the two are not in sync and that's what's causing the
> > > problem.
> >
> > You could try recompiling apache against the current version of openssl.
> >
> > --
> > Best Regards,
> > Patrick Mackey
> >
> > ------------------------------------------
> >      "You can't take the sky from me"
> >     Firefly: http://www.fireflyfans.net
> > ------------------------------------------
> >
>