  #11  
Old 12th February 2008, 02:46
dbaniza dbaniza is offline
Junior Member
 
Join Date: Feb 2008
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This might be a very stupid question, but how is the compilation of the patched apache at all possible with an etch building pbuilder? After looking at the patch a bit and trying this and that I got the impression that it needs a version of libssl-dev that knows what tls-extensions are, which isn't the case for the libssl in etch that pbuilder is instructed to use.
What makes me think so are those lines of the patch:
Code:
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
+#define OPENSSL_NO_TLSEXT
+#endif
+#endif
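Review bot: the inner `#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME` branch defines `OPENSSL_NO_TLSEXT` silently, so a build against OpenSSL headers that lack that control completes with nothing in the build log to say the TLS-extension support was switched off. Consider emitting a `#warning` in that branch, or checking for the control at configure time, so that a mod_ssl built without SNI is visible at build time rather than discovered when the server is tested.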
I commented them out, hoping that things will start working that way, but it just gave me a lot of function not declared errors and similar, strengthening my belief that I'm compiling against the wrong libssl.
Any ideas?

PS: gnutls does look interesting, but since mod_ssl will support SNI per default soon (or at least I think I read something like that recently) the trouble of hacking ispconfig to work with it doesn't seem that necessary (to me at least). The problem with gnutls is that it uses its own options for the apache config and getting ispconfig to use them too would require more than just commenting out lines.
Reply With Quote
  #12  
Old 16th July 2008, 12:58
qrta qrta is offline
Junior Member
 
Join Date: Jul 2008
Posts: 2
Thanks: 1
Thanked 0 Times in 0 Posts
Default Apache works, but doesn't support SNI

The patch attached to the article made some fuzz, so I've tried this:
https://issues.apache.org/bugzilla/a...t.cgi?id=19676

I've followed the instructions, but the compiled mod_ssl doesn't work.
Output of the pbuilder apache2 compilation shows that
...
Selecting previously deselected package libssl-dev.
Unpacking libssl-dev (from .../libssl-dev_0.9.8c-4etch1_i386.deb) ...
...
so libssl-dev's etch version is used during the compilation. In the article the ssl compilation is after the apache, but apache depends on ssl... I don't understand it.

Etch's libssl doesn't contain the required TLS extension, I think, and can it produce a correct mod_ssl binary that way???

However, how can I test the result? Is there any method, for example with 'openssl s_client ...'?

Is there any way to put the newly compiled libssl-dev into the pbuilder's environment?
Reply With Quote
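An added example, not part of any post in this thread, for the two checks raised above: whether the OpenSSL headers in the build environment define the control the patch tests for, and whether the running server returns a different certificate per SNI name via `openssl s_client -servername`. The function names, the header path argument and the host names are assumptions for illustration.

```sh
#!/bin/sh
# Added example: check a rebuilt mod_ssl for SNI support.
# Usage (all values are placeholders):
#   sh sni-check.sh HOST PORT VHOST_A VHOST_B [/path/to/openssl/ssl.h]

# Succeeds if the given OpenSSL header defines the control the patch
# looks for before it decides to set OPENSSL_NO_TLSEXT.
headers_have_tlsext() {
    grep -q 'define[[:space:]][[:space:]]*SSL_CTRL_SET_TLSEXT_HOSTNAME' "$1"
}

# Reads `openssl s_client` output on stdin and prints the subject of the
# certificate the server presented (handles old and new output styles).
cert_subject() {
    sed -n 's/^subject=[[:space:]]*//p' | head -n 1
}

# Handshake with HOST:PORT while sending NAME in the SNI extension.
# The local openssl binary must itself be built with TLS extensions,
# otherwise -servername is not available.
probe() {
    openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        cert_subject
}

# Compare the subjects served for two different virtual host names.
#   sni-ok    : a different certificate per name
#   same-cert : one certificate for both names (no SNI in the server,
#               or both vhosts share a certificate)
#   no-cert   : at least one handshake returned no certificate
sni_verdict() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "no-cert"
    elif [ "$1" = "$2" ]; then
        echo "same-cert"
    else
        echo "sni-ok"
    fi
}

if [ "$#" -ge 4 ]; then
    if [ -n "${5:-}" ]; then
        if headers_have_tlsext "$5"; then echo "headers: tlsext present"
        else echo "headers: tlsext missing"; fi
    fi
    sni_verdict "$(probe "$1" "$2" "$3")" "$(probe "$1" "$2" "$4")"
fi
```

Run the header check inside the same environment that compiles Apache (for pbuilder, the chroot), since that is the libssl-dev the patch's guard sees.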
  #13  
Old 17th July 2008, 08:49
archerjd archerjd is offline
Member
 
Join Date: Dec 2006
Posts: 66
Thanks: 6
Thanked 6 Times in 6 Posts
Lightbulb

Quote:
Originally Posted by qrta View Post
Is there any way to put the newly compiled libssl-dev into the pbuilder's environment?
I believe you have a point here.
Since the most recent major update to openssl it seems this how-to doesn't work any more. I believe this can be fixed by reconfiguring pbuilder to re-use packages built by pbuilder. I had left this bit out of configuring pbuilder because I felt it was unnecessary. Now it appears so.
Follow the link below to reconfigure pbuilder, build OpenSSL first, and then Apache2. I will rewrite this how-to when I get the chance. In the meantime, can you let me know if configuring pbuilder and compiling in this order fixes the issue?
http://edseek.com/%7Ejasonb/articles...l#pbuilderhook

-Archer
Reply With Quote
The Following User Says Thank You to archerjd For This Useful Post:
qrta (17th July 2008)
  #14  
Old 17th July 2008, 11:28
qrta qrta is offline
Junior Member
 
Join Date: Jul 2008
Posts: 2
Thanks: 1
Thanked 0 Times in 0 Posts
Thumbs up It works now :)

Thank you for the answer!

OK, yesterday I continued thinking on the problem and resolved it with a simpler method, but it is not as nice as yours.
That was the trick:

# pbuilder update --distribution lenny --override-config

Lenny contains TLS extensions capable libssl-dev now, and after apache2's compilation/installation only one extra package (libsqlite-0, or something like this) tainted my pure Etch installation (almost pure, because I installed php xcache, and it needed lenny packages too - http://www.howtoforge.com/xcache-php...e2-debian-etch)

By the way, your how-to is an excellent one, thank you for the original idea!!
Reply With Quote
  #15  
Old 17th July 2008, 21:10
archerjd archerjd is offline
Member
 
Join Date: Dec 2006
Posts: 66
Thanks: 6
Thanked 6 Times in 6 Posts
 
Default

Quote:
Originally Posted by qrta View Post
# pbuilder update --distribution lenny --override-config
Rebuilding OpenSSL is unnecessary if you are going to be installing from Lenny.
TLS extensions are enabled by default.

You can see it here in the changelog.
http://packages.debian.org/changelog...10.1/changelog

Also, many have suggested using mod_gnutls.
I believe mod_gnutls is faster, cleaner, and a better way of going about this.
But there were too many dependencies to backport GnuTLS for mod_gnutls on etch.
mod_gnutls works great, but requires you to upgrade to Lenny.
I tested mod_gnutls with ISP3, and it works like a charm.
Of course there were a lot of things that were a little unclear about configuring Apache2,
but in the long run it is still in the testing stage, not stable.
Hmm.. mod_gnutls would make another good how-to.
Reply With Quote